A security researcher at Google has discovered more zero-day exploits in Kaspersky’s anti-virus software. Tavis Omandy, the security researcher, discovered several vulnerabilities. One involved a security measure Kaspersky had used to randomise memory allocation so hackers could not so easily exploit their location. Unfortunately, the memory allocation was not random and Omandy effectively used a Windows DLL file, used to allow programs to share resources, to effectively execute an attack. A zero-day vulnerability is an unaddressed and previously unknown vulnerability. Considered extremely dangerous, they are called zero-day vulnerabilities because upon discovery, developers have very little time, or ‘zero days’, to fix the vulnerability that might be imminently exploited or may have already been exploited.
View full story