The Zero Day Initiative has publicly disclosed a pair of serious vulnerabilities in Apple QuickTime for Windows that will not be patched because Apple is deprecating the product.
UPDATE–As if all of the vulnerabilities in Flash and Windows discovered in the Hacking Team document cache and the 193 bugs Oracle fixed last week weren’t enough for organizations to deal with, HP’s Zero Day Initiative has released four new zero days in Internet Explorer Mobile that can lead to remote code execution on Windows Phones. […]
Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.
Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., that initiatives could be adversely impacted.
Three HP ZDI researchers won a $125,000 bounty from Microsoft for successful attacks against memory protections introduced last summer into Internet Explorer.