The length of time between the development of security patches and the development of exploits targeting the security holes they address has been dropping for some time. Hackers exploit this period of time - the so-called patch window - to launch attacks against unpatched machines. Typically, exploits are developed by skilled …
So what's there to stop some hacker from buying a legal copy of the app...
...and legally get the (secure ??) patch, reverse engineer that and create an attack based on the reverse engineering ??
Who guards the guardians ??
@Ishkandar - Received patch to exploit window
This is what is being done on Windows all the time. To combat this, Microsoft has been releasing "obfuscated" patches where a simple "diff" will generate too much information to dig through.
If the hacker is supported by an organization (i.e., he has a budget) then of course he'll get the application, along with updates. The automated tools are applied to create something which will crash the app, which gives the hacker the quick toe-hold he needs to create something to compromise the app. When the app crashes, that means that it has executed something it wasn't supposed to. Then exploit code is written to not crash the app, but compromise it.
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
- Pic 7 AMAZING experiments set for Mars Rover 2020 – including oxygen generation
- Worstall on Wednesday YES, iPhones ARE getting slower with each new release of iOS
- Plug and PREY: Hackers reprogram USB drives to silently infect PCs