Security News > 2021 > November > Will they try it for 30 days first? McAfee goes private again in $14bn cash deal

A consortium of private equity types have stumped up $12bn in cash to acquire what's left of McAfee the company plus another couple of billion to pay off its debts.

Another Pwn2Own contest, in which security experts compete for cash prizes by exploiting zero-day vulnerabilities in products, wrapped up on Friday, leaving its successful entrants $1,081,250 better off and vendors with details of 61 flaws to fix.

The aim of the contest is to reward bug hunters and exploit developers for finding, demonstrating, and privately reporting vulnerabilities to participating vendors, who then cough up the cash and issue necessary patches to users.

The Zero-Day Initiative's Dustin Childs told The Register the budget was doubled for the competition in part to keep up with outfits that buy and sell exploits increasing their offers for details of vulnerabilities.

A heap overflow vulnerability can be exploited when "The function tipc crypto key rcv is used to parse MSG CRYPTO messages to receive keys from other nodes in the cluster in order to decrypt any further messages from them," he explained in a patch for the flaw.

"The catalog will list exploited vulnerabilities that carry significant risk to the federal enterprise with the requirement to remediate within 6 months for vulnerabilities with a Common Vulnerabilities and Exposures ID assigned prior to 2021 and within two weeks for all other vulnerabilities," it said.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/11/08/in_brief_security_mcafee/