On Wed, 21 Jul 2021 22:00:04 +0300 Reco <recovery...@enotuniq.net> wrote:
> On Wed, Jul 21, 2021 at 02:38:50PM -0400, Celejar wrote: ... > > Most, yes. But the pwn2own hackers, for example, seem to pretty > > routinely get RCE on the major browsers, so I wouldn't bet my data that > > ransomware authors won't as well: > > > > https://www.zerodayinitiative.com/blog/2019/3/21/pwn2own-vancouver-2019-day-two-results > > https://www.bleepingcomputer.com/news/security/researchers-earn-1-2-million-for-exploits-demoed-at-pwn2own-2021/ > > Given the amount of money and the publicity these people earn - I'd be > surprised if they did not find anything. Still, it's one (ok, several) > RCE per year, and due to the nature of pwn2own - it's unlikely that such > vulnerabilities are common knowledge before the actual pwn2own event, > and they're patched afterwards. Oh, I don't mean those specific vulns, just that the money ransomware authors can hope to make might be a pretty powerful incentive for them to find similar ones. Celejar
