Kaspersky has rushed out an emergency security patch for its own antivirus product after it was alerted to a problem by a researcher on Twitter.
Google security engineer Tavis Ormandy revealed details of the flaw on Sunday, warning of a high-level buffer overflow vulnerability in Kaspersky's antivirus product that was "about as bad as it gets".
"@ryanaraine It's a remote, zero interaction SYSTEM exploit, in default config. So, about as bad as it gets." — Tavis Ormandy (@taviso), September 5, 2015
The security firm responded quickly and pushed out a fix within 24 hours. "A fix has already been distributed via automatic updates to all our clients and customers. We’re improving our mitigation strategies to prevent exploiting of inherent imperfections of our software in the future," it said.
Kaspersky also thanked Ormandy for his disclosure and said that the company always welcomes help from the security community.
"Kaspersky Lab has always supported the assessment of our solutions by independent researchers. Their ongoing efforts help us to make our solutions stronger, more productive and more reliable," said a statement.
However, some in the security community, such as Graham Cluley, questioned the way in which Ormandy released the information.
"One has to question the timing of Ormandy's announcement just before a long holiday weekend in the US, which clearly makes it as difficult as possible for a corporation to put together a response for concerned users," Cluley wrote.
This is the second piece of unwanted publicity for Kaspersky, after the company faced allegations, made by two former employees, that it had deliberately created malware to trick rival products into flagging clean files as malware.
Company founder Eugene Kaspersky rounded on the reports, calling them "sensational" and "false".