Symantec has released new information and a patch to address the recent code exposure incident.

Initially, Symantec downplayed the incident, saying the exposed code was outdated. More recently, however, Symantec has stated that users of pcAnywhere are at increased risk.

The Symantec website states that, because of the age of the exposed source, “Symantec anti-virus or endpoint security customers – including those running Norton products – should not be in any increased danger of cyber attacks resulting from this incident.” Customers of Symantec’s pcAnywhere do have increased risk as a result of this incident, but on January 27, 2012, Symantec released a patch that eliminates known vulnerabilities affecting pcAnywhere 12.0 and pcAnywhere 12.1.

At this time, Symantec recommends that all customers upgrade to pcAnywhere 12.5, apply all relevant patches as they are released, and follow general security best practices. If customers are unable to adhere to these guidelines and have not installed the latest version with current patches, they should contact pcanywhere@symantec.com for additional assistance.
Symantec has issued a technical whitepaper containing security recommendations in regard to pcAnywhere and is issuing updates about the code vulnerability as events unfold.