Kaspersky Lab has pushed out an update to address a serious antivirus vulnerability reported over the weekend by a Google security engineer.
Google’s Tavis Ormandy reported on Saturday that he had discovered a flaw affecting the 2015 and 2016 versions of Kaspersky’s antivirus products. A screenshot published by the expert shows a successful exploit against Kaspersky Anti-Virus, but it’s unclear if Kaspersky Internet Security and other products were affected as well.
The researcher hasn’t disclosed any details, but he says the issue is “as bad as it gets.” The vulnerability appears to be a buffer overflow affecting the application’s default configuration. Ormandy said his system exploit could have been used remotely with zero interaction.
The researcher reported his findings to Kaspersky and the security firm released a patch within 24 hours.