Andre Yoskowitz
4 Nov 2012 13:05
French security firm has announced they are selling a Windows 8 zero-day exploit to the highest bidder.
Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8
Vupen writes: "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed)."
The firm specializes in finding vulnerabilities in software, most notably from companies like Microsoft, Apple and Adobe.
However, Vupen is no saint. The company sells its research to third-parties, normally in governments and companies, without sharing the details with the affected software makers. The software makers can also purchase the research, and many do.
The new exploit is for the new Windows 8 OS, and also includes the Internet Explorer 10 browser. Vupen has not yet shared the details with Microsoft.