More Kaspersky Zero Days Revealed by Google Hacker
Google Hacker Tavis Ormandy has previously revealed vulnerabilities in the Russian anti-virus Kaspersky Labs. He has now revealed more vulnerabilities in their system framework. Ormandy is famous for finding vulnerabilities in major anti-virus vendors to help them improve their security.
Tavis Ormandy has revealed more vulnerabilities in the system framework of Kaspersky, one of the largest and most reputed anti-virus vendors in the world. He turned his attention to Kaspersky after exposing vulnerabilities in Sophos and ESSET. Tavis had released a report earlier this month about some security vulnerabilities that he found in Kaspersky and has now revealed an even more dangerous flaw in the anti-virus vendor’s system.
The flaw can supposedly harm other companies that use the same engine that Kaspersky use, which include companies like Check Point’s ZoneAlarm. The new exploits are described in a blog post by Google Project Zero. One of the exploits can be executed by simply sending an email to a target or having the user visit a website.
According to the report by Tavis, the first flaw was associated with how Kaspersky manages ThinApp or Thinstall containers. These are virtual wrappers around an application. During his research, Ormandy found that Kaspersky had not turned on a security feature required to prevent buffer overflows. If buffer overflows can happen, then a malicious program can gain access to memory stored outside the boundary of the application it targets.
Although Kaspersky had turned on a feature to allocate memory randomly so as to make it difficult for an attacker to know where to strike, Ormandy’s research reveals that the allocation is not quite random.
Ormandy used a Windows DLL file as the carrier of his attack code. DLL files are designed to allow different programs to share resources for performing tasks. This exploit, according to Ormandy, works on Kaspersky versions 15 and 16 on Windows 7. The anti-virus company, though, said that it had no knowledge of such a vulnerability had been exploited in their systems.
Although Ormandy said that there were more vulnerabilities in their systems, he was pleased with how they had responded to his previous reports about their vulnerabilities. He said that Kaspersky had tackled those issues quite promptly and expected the same from them in the future as well.
Exposing of such appalling vulnerabilities in the most widely used anti-virus vendors has highlighted the need for such vendors to buff up their security mechanisms. Since they are granted many privileges on a user’s system, an attack targeting them could lead to serious damage to a system.
Image from A.Penkov / Shutterstock.