Zero-day vulnerabilities found in Kaspersky and FireEye anti-virus

Two security researchers with a history of finding zero-day exploits in antivirus software have come out with new findings on the same day.

One of them, Travis Ormandy, is a security researcher working for Google, who tweeted about a vulnerability he found in Kaspersky’s anti-virus software.

“It's a remote, zero interaction SYSTEM exploit, in default config. So, about as bad as it gets,” he says in a tweet. He’s usually criticised for publishing his work publically instead of contacting the anti-virus vendors first and working with them to fix the issue first.

https://twitter.com/taviso/status/639997512292651008

According to Computing.co.uk, Kaspersky is already working hard on a fix.

The second researcher is Kristian Erik Hermansen. He disclosed details of zero-day vulnerabilities in FireEye's security appliance, including proof-of-concept code. Hermansen's information is reportedly for sale.

He says he had known of the exploit for 18 months: "FireEye appliance, unauthorized remote root file system access. Oh cool, web server runs as root! Now that's excellent security from a_security_vendor :) Why would you trust these people to have this device on your network," he wrote on disclosure of the flaws.

"Just one of many handfuls of FireEye/Mandiant zero-day. Been sitting on this for more than 18 months with no fix from those security 'experts' at FireEye. Pretty sure Mandiant staff coded this and other bugs into the products. Even more sad, FireEye has no external security researcher reporting process."

CSO Online reached out to him and in an email he had said that he and another researcher, Rob Perris, discovered a total of 30 vulnerabilities in FireEye’s products.

"I tried for 18 months to work with FireEye through responsible channels and they balked every time. These issues need to be released because the platforms are wrought with vulnerabilities and the community needs to know, especially since these are Gov-approved Safe Harbor devices with glaring remote root vulnerabilities," Hermansen told CSO Online.