AfterDawn: News

Vupen selling Windows 8 zero-day bug to highest bidder

French security firm has announced they are selling a Windows 8 zero-day exploit to the highest bidder.

Vupen writes: "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed)."



The firm specializes in finding vulnerabilities in software, most notably from companies like Microsoft, Apple and Adobe.

However, Vupen is no saint. The company sells its research to third-parties, normally in governments and companies, without sharing the details with the affected software makers. The software makers can also purchase the research, and many do.

The new exploit is for the new Windows 8 OS, and also includes the Internet Explorer 10 browser. Vupen has not yet shared the details with Microsoft.

Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8

-- VUPEN Security (@VUPEN) October 30, 2012

Written by: Andre Yoskowitz @ 4 Nov 2012 13:05

• Previous article

• Mozilla: 'Glitch' cost us millions of downloads

• Next article

• Sharp: We may not make it

• 5 comments

• megadunderhead

  ha ha ha ha ha ha ha ha ha ha ha ha ha rolmao ha ha ha ha i knew windows 8 wasn't cleared of bugs
  

  5.11.2012 12:45 #1

• bobiroc

  Originally posted by megadunderhead: ha ha ha ha ha ha ha ha ha ha ha ha ha rolmao ha ha ha ha i knew windows 8 wasn't cleared of bugs Please find an operating system or piece of software that is. There isn't one.
  

  AMD Phenom II 965 @ 3.67Ghz, 8GB DDR3, ATI Radeon 5770HD, 256GB OCZ Vertex 4, 2TB Additional HDD, Windows 7 Ultimate.
  
  http://www.facebook.com/BlueLightningTechnicalServices

  5.11.2012 18:13 #2

• ronatola

  I wonder how much it would cost MS to purchase?
  

  8.11.2012 10:49 #3

• LeeC22

  Originally posted by megadunderhead: ha ha ha ha ha ha ha ha ha ha ha ha ha rolmao ha ha ha ha i knew windows 8 wasn't cleared of bugs Neither is iOS... hence the latest update from Apple, that fixes numerous bugs, that installing the bug riddled iOS 6 gave you.
  
  I'm sure the OS that you're capable of writing, won't have bugs though... probably won't be any code to have bugs in.
  

  8.11.2012 18:37 #4

• pmshah

  Why not ? Someone has to pay for their time and effort. Antivirus software companies do get paid why not VUPEN?

  9.11.2012 19:49 #5