Yes, I know it was a bug. But would it be possible for a attacker to reverse engineer the current update of Crowdstrike and detect the bug, then write a malware that is named or has a feature that when mitigated in the data file it causes the bug to activate. e.g. say a name with a special character in the second position which causes the buggy code to return a null pointer.
[link] [comments]
from hacking: security in practice https://ift.tt/CezlcFq
Comments
Post a Comment