Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook
The Paypers, paypers, Insight in payments, News, Reports, Events
 advertisement
Digital Identity, Security & Online Fraud

Kaspersky Lab introduces patch for security vulnerability

Tuesday 8 September 2015 | 01:06 PM CET

Kaspersky Lab has released an emergency patch for some of its antivirus products after a security researcher found a critical vulnerability that could allow hackers to compromise computers.

The Kaspersky Anti-Virus vulnerability can be exploited remotely, without any user interaction and with SYSTEM privileges.

A Kaspersky Lab representative said in an e-mailed statement that the vulnerability was a stack overflow and was patched within 24 hours of the company receiving the report. The fix has already been distributed to customers via automatic updates.

The company is improving its mitigation strategies to prevent exploitation of possible bugs in its software and already uses anti-exploitation technologies like Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).

Compared to many other applications, antivirus products also have a large attack surface, as they need to parse many file types and code written in different languages that are received from a variety of sources, including the Web and e-mail. Historically, input and file parsing operations have been a source of many vulnerabilities.

More: Link
 advertisement
 advertisement
 advertisement
 advertisement