Tavis Ormandy, an information security engineer at Google, discovered a zero-day exploit in Kaspersky's antivirus and announced it on Twitter on Saturday night.
According to Ormandy's tweet, he discovered a zero-day exploit in Kaspersky's antivirus, in the 15.x and 16.x versions.
He later provided more details about the vulnerability, stating "a remote zero SYSTEM exploit, in the default config."
The zero-day bug in Kaspersky's products allows an attacker to easily penetrate the victim's computer and gain system privileges, and so to do whatever they want without limitations.
The Kaspersky team immediately responded to the tweet, looking for ways to secure their applications. Even the president of the company, Eugene Kaspersky, took an interest in the matter.
One day later, on Sunday morning, Kaspersky announced an updated version of its products.
It is worth mentioning that Google's security engineer, Mr. Ormandy, has in the past discovered vulnerabilities in other "security" applications from big companies like Sophos and ESET. He has also discovered a zero-day vulnerability in the Windows XP Help and Support Center.
Security researchers, such as Graham Cluley, are particularly critical of Ormandy's methods because he does not follow the protocol of first reporting the vulnerability to the company directly concerned, but instead publishes the information publicly.