Researchers launch a bug hunt

GET YOUR NETS READY; insecurity researchers have started a month long bug hunt on Microsoft, Adobe and Apple software.

The Abysssec Security Team has launched its Month of Abysssec Undisclosed Bugs (MOAUB) in the hopes of catching a lot of them.

"Abysssec will release a collection of zero-day, web application vulnerabilities, and detailed analysis (and pocs) for recently released advisories by vendors such as Microsoft, Mozilla, Sun, Apple, Adobe, HP, Novel etc"

Abysssec's MOAUB also intends to disclose flaws in Excel, Internet Exploder, Microsoft codecs and Cpanel amogst others. Looks like Abysssec is going to have to buy bigger nets if it wants to catch all the known and not yet known exploits and vulnerabilities from the listed companies.

The team's findings are going to be hosted at the Exploit database where it intends to update readers on a daily basis. Apparently it is going to be nothing less than an "intensive ride".

So far today, the Abysssec bug hunt team has tweeted that it has made a couple of finds.

"Please follow me and RT today featuring cpanel and adobe flash and reader," Shahin Ramezany announced on Abysssec's Twitter account.

The team apparently found exploits for Adobe Reader and Flash player. A full detailed analysis of the find is already in the exploit database here. Abysssec has also claimed that it found a Cpanel zero-day vulnerability that lets malicious users circumvent almost all PHP restrictions.

Scary stuff. µ