"Since the announcement, we have also conducted an internal code audit, fixed a number of other bugs and made changes to our build and QA [quality assurance] processes which should result in far sturdier code and prevent similar situations in the future," the Bitdefender representative said.
The issues in Kaspersky Lab's antivirus products that were outlined in Koret's presentation, namely the absence of ASLR in some components and a potential denial-of-service issue when scanning nested archives, are not critical to the security protection of the company's customers, a Kaspersky representative said via email. Software that is written without ASLR is not implicitly more vulnerable to exploits, but Kaspersky Lab added ASLR to the product components that were lacking it — vlns.kdl and avzkrnl.dll — after Koret's presentation, he said.
The archive issue where scanning of a 3MB 7-Zip file can allegedly produce a 32GB dump file could not be verified or refuted because the company has not received a detailed description of the methodology used by the researcher.