Red-faced McAfee patches flaw in its security software

McAfee has released an update for its Security Center software package to patch a security flaw that would have allowed attackers to obtain a user's password and other personal data.

Security firm eEye Digital Security announced the flaw last week, but released details to an embarassed McAfee beforehand and no attackers are believed to have exploited it.

The flaw relies on users loading a malicious web page, generated by an attacker, in Internet Explorer. The vulnerability in McAfee's software would then provide access to personal information.

The security patch will be automatically installed for users who have enabled updating in this way, otherwise it can be applied manually via the Security Center console.

Security Center contains McAfee's flagship products: Antispyware, Personal Firewall Plus, Virus Scan and ironically its Internet Security Suite.

eEye, founded in 1998, has a history of exposing flaws in popular software products including Microsoft's Internet Explorer and IIS web server.