Google troublemaker Tavis Ormandy, whose credits include turning up security vulns in popular antivirus products, reckons he's identified an active market in antivirus exploits.
In his latest post, Ormandy details more work on Kaspersky products (noting that the Russian outfit is already at work on patches).
From the vuln side, he identifies bugs in various file parsing routines (“everything from Android DEX files and Microsoft CHM documents to unpacking UPX and Yoda's Protector”, he writes). There's also a now-patched bug in Thinstall container handling.
More worryingly, Ormandy outlines the black market he believes is emerging.
“We have strong evidence that an active black market trade in antivirus exploits exists. Research shows that it’s an easily accessible attack surface that dramatically increases exposure to targeted attacks”, he writes.
That evidence includes a WikiLeaks post from the Hacking Team leaks purportedly offering ESET vulnerabilities for sale.
Ormandy offers an olive branch to Kaspersky for its fast response, and warns users to watch the company's issue trackers in the next few weeks. ®