First vulnerability reported to Kaspersky lab by Tavis Ormandy, a security researchers at Google. Last week Ormandy tweeted that he had successfully exploited Kaspersky's anti-virus product in such a way that users could find their systems easily compromised by malicious hackers.
Okay, first Kaspersky exploit finished, works great on 15 and 16. Will mail report after dinner. /cc @ryanaraine pic.twitter.com/IpifiWpoEU— Tavis Ormandy (@taviso) September 5, 2015
UPDATE: Ormandy have tweeted that Kaspersky team is rolling out the fixed/patch of vulnerability soon via its updates.
Another security researchers Kristian Erik Hermansen has disclosed details of a zero-day vulnerabilities on Fiereye's product, which - if exploited - can result in unauthorized file disclosure.
"FireEye appliance, unauthorized remote root file system access. Oh cool, web server runs as root! Now that's excellent security from a _security_ vendor :) Why would you trust these people to have this device on your network."
"Just one of many handfuls of FireEye / Mandiant 0day. Been sitting on this for more than 18 months with no fix from those security "experts" at FireEye. Pretty sure Mandiant staff coded this and other bugs into the products. Even more sad, FireEye has no external security researcher reporting process."