Incident Response, TDR, Vulnerability Management

Security researcher reveals Kaspersky zero days

A security researcher at Google has discovered more zero-day exploits in Kaspersky's anti-virus software.

Tavis Omandy, the security researcher, discovered several vulnerabilities. One involved a security measure Kaspersky had used to randomise memory allocation so hackers could not so easily exploit their location. Unfortunately, the memory allocation was not random and Omandy effectively used a Windows DLL file, used to allow programs to share resources, to effectively execute an attack.

A zero-day vulnerability is an unaddressed and previously unknown vulnerability. Considered extremely dangerous, they are called zero-day vulnerabilities because upon discovery, developers have very little time, or ‘zero days', to fix the vulnerability that might be imminently exploited or may have already been exploited.

This news comes quickly after a security researcher found flaws in FireEye products over last weekend which can result in unauthorised file disclosure. Omandy himself discovered several security flaws earlier this month in Sophos and ESET software.

Kaspersky is producing a fix for the vulnerability and published an official statement, saying that “We would like to thank Mr. Tavis Omandy for reporting to us a buffer overflow vulnerability, which our specialists fixed within 24 hours of its disclosure.” 

They added that, “a fix has already been distributed via automatic updates to all our clients and customers”.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.