Tavis Ormandy, a Google Information Security technician, discovered a zero-day exploit in Kaspersky's antivirus and announced it on Twitter Saturday night.
According to Ormandy's tweet, the exploit affects the 15.x and 16.x versions of the product.
He later provided more details about the vulnerability, citing “a remote zero SYSTEM exploit, at default config.”
The zero-day bug in Kaspersky products allows an attacker to easily infiltrate the victim's computer and gain system-level privileges, which lets the attacker do whatever they want without restrictions.
The Kaspersky team immediately responded to the tweet looking for ways to secure their applications. Even the company's president, Eugene Kaspersky, was interested in the matter.
One day later, on Sunday morning, Kaspersky announced an updated version of its products.
It should be noted that Google security technician Ormandy has in the past discovered vulnerabilities in other "security" applications from large companies such as Sophos and ESET. He has also discovered a zero-day vulnerability in the Windows XP Help and Support Center.
Security researchers, such as Graham Cluley, are particularly critical of Ormandy's methods because he does not follow the vulnerability reporting protocol of first notifying the company directly concerned, but instead publishes the information publicly.