Kaspersky 'was aware' of scanner flaw

Kaspersky 'was aware' of scanner flaw


Online scanner had been patched, despite gap in staff knowledge

Security firm Kaspersky was aware of the flaw in its online scanner and had issued a patch on 9 October, despite comments made by its staff.

A spokesman for Kaspersky said that version 5.0.98.0 fixed the ActiveX vulnerability.

"Contrary to the statements made in the article Kaspersky Lab was indeed aware of the issue and had issued a statement on 9 October, providing advise [sic] to users," the spokesman said in a written statement.

However, the update was released on the homepage of the company's website under the heading 'Kaspersky Lab announces the release of a new version of its free Kaspersky Online Scanner'.

Users only received news about the fix for the vulnerability, which Secunia rated 'highly critical', if they followed the link. This is despite a warning attached to the update.

"Kaspersky Lab strongly recommends that all Kaspersky Online Scanner users install the new version of the application," the announcement said.