Copperjohn

Kaspersky statement on CVE-2022-27535 fixed in Kaspersky VPN Secure Connection The Kaspersky team has closed a vulnerability in the Kaspersky VPN Secure Connection that allowed an authenticated attacker to trigger arbitrary file deletion in the system. It could lead to device malfunction or the removal of important system files required for correct system operation. To execute this attack, an intruder had to create a specific file and convince users to run "Delete all service data and reports" or "Save report on your computer" product features. To fix the vulnerability, the Kaspersky team recommends users check the app version they are running and install the latest one: https://www.kaspersky.com/vpn-secure-connection#installation We would like to thank security researcher Ben Ronallo, who discovered the issue and responsibly reported it to Kaspersky. The affected versions of Kaspersky VPN: • Kaspersky VPN Secure Connection prior to 21.6 Attributable to Kaspersky

Received this email yesterday. See below. Very unsure; please advise.