PCPro reports that researchers from the YGN Ethical Hacker Group have published three security flaws in McAfee’s website online. As CNET News notes, one bug involves cross-site scripting, while the other two deal with information disclosure.
According to The Inquirer, YGN warned McAfee about the bugs in February. McAfee said it was “working to resolve the issue.” But as of March 27, the vulnerabilities still existed.
McAfee has acknowledged the bugs and says it is working to fix them, but assures users:
It is important to note that these vulnerabilities do not expose any of McAfee’s customer, partner or corporate information … Additionally, we have not seen any malicious exploitation of the vulnerabilities.