- Oct 23, 2012
- 12,527
Kaspersky quickly rolls out update to fix the issue
Tavis Ormandy, an Information Security Engineer at Google, has found a zero-day exploit in Kaspersky's antivirus product, as he announced on Twitter last Saturday.
According to Ormandy's tweet, the Google security researcher had found a zero-day exploit in Kaspersky's antivirus, versions 15.x and 16.x.
Later on he detailed the vulnerability as "a remote, zero interaction SYSTEM exploit, in default config."
Tavis Ormandy, an Information Security Engineer at Google, has found a zero-day exploit in Kaspersky's antivirus product, as he announced on Twitter last Saturday.
According to Ormandy's tweet, the Google security researcher had found a zero-day exploit in Kaspersky's antivirus, versions 15.x and 16.x.
Later on he detailed the vulnerability as "a remote, zero interaction SYSTEM exploit, in default config."
Basically, the Kaspersky zero-day bug would have permitted an attacker to easily infiltrate the victim's computer, and gain system-level privileges, allowing him to carry on any kind of attacks without restrictions.
The Kaspersky team was very responsive to a tweet seeking contact with their security staff, even the company's president, Eugene Kaspersky, getting involved and making sure the vulnerability was properly and privately disclosed.
Kaspersky announced an update in less than 24 hours
One day later, on Sunday morning, Kaspersky announced a worldwide update for its product.
Since so little details were provided on Twitter, and Kaspersky released an update in less than 24 hours, there are small chances this vulnerability was ever used by any malicious actor.
This is not the first time Ormandy exposed a flaw in a security product, the Google engineer previously discovering and disclosing vulnerabilities in Sophos and ESET's antivirus engines. He also found a zero-day vulnerability in Windows XP's Help and Support Center.
Security researchers like Graham Cluley have been highly critical of Ormandy in the past because he doesn't seem to want to follow regular protocol when it comes to disclosing bugs to software manufacturers.
Instead, Ormandy just puts the information online, which can easily be picked up by hackers and integrated in exploit kits. This time, the details he provided were scarcer, and he seems to have followed the "unofficial" disclosure protocol.
Softpedia reached out to Kaspersky and we'll update the article as new information comes to light.
Okay, first Kaspersky exploit finished, works great on 15 and 16. Will mail report after dinner. /cc @ryanaraine pic.twitter.com/IpifiWpoEU — Tavis Ormandy (@taviso) September 5, 2015 Kaspersky tell me they're rolling out a fix globally right now, that was less than 24hrs. — Tavis Ormandy (@taviso) September 6, 2015