Google’s Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24.
by Paul Ducklin At the recent DEF CON cybersecurity conference in Las Vegas, macOS security researcher Patrick Wardle did something that the responsible disclosure doctrine says is a bit naughty. He “dropped 0day” on Apple’s macOS, meaning that he publicly revealed an exploit for which no patch is yet available. Exploits against unpatched vulnerabilities are