The length of time between the development of security patches and the development of exploits targeting the security holes they address has been dropping for some time. Hackers exploit this period of time - the so-called patch window - to launch attacks against unpatched machines. Typically, exploits are developed by skilled …
So what's there to stop some hacker from buying a legal copy of the app...
...and legally get the (secure ??) patch, reverse engineer that and create an attack based on the reverse engineering ??
Who guards the guardians ??
@Ishkandar - Received patch to exploit window
This is what is being done on Windows all the time. To combat this, Microsoft has been releasing "obfuscated" patches where a simple "diff" will generate too much information to dig through.
If the hacker is supported by an organization (i.e., he has a budget) then of course he'll get the application, along with updates. The automated tools are applied to create something which will crash the app, which gives the hacker the quick toe-hold he needs to create something to compromise the app. When the app crashes, that means that it has executed something it wasn't supposed to. Then exploit code is written to not crash the app, but compromise it.