Tavis Ormandy, its Information Security technician Google, discovered a zero-day exploit in Kaspersky's antivirus, and announced it on Twitter on Saturday night.
According to Ormandy's tweet, he discovered a zero-day exploit in Kaspersky's antivirus, in the 15.x and 16.x versions.
[tweet_embed id = 639992212164513792]
He later provided more details about the vulnerability stating "a remote zero SYSTEM exploit, in the default config."
The zero-day bug in Kaspersky products allows an attacker to easily infiltrate the computer of the victim, and gain system-level privileges, which allows them to do whatever they want without restrictions.
The Kaspersky team immediately responded to the tweet looking for ways to secure their applications. Even the company's president, Eugene Kaspersky, was interested in the matter.
A day later, on Sunday morning, Kaspersky announced an updated version in its products.
It should be mentioned that Google's security engineer, Mr. Ormandy has previously discovered vulnerabilities in several "security" applications from major companies such as Sophos and ESET. It has also discovered a zero-day vulnerability in the Help Center and supportof Windows XP.
Security researchers such as Graham Cluley are particularly critical of Ormandy's methods because he does not follow the protocol of reporting the vulnerability first to the company directly concerned, but discloses the information public.