Send e-mail to ACROS SecurityACROS Security's public PGP key  


ACROS Application Security Analysis

With this "Vulnerability Extermination" service we find security defects in banking, commerce, business, mobile, virtualization, security and other software that you develop or use before anyone else finds them.

Some of our most demanding customers hire us for finding critical vulnerabilities in products built by security-knowledgeable people, reviewed with best automated tools and analyzed by other experts.

And they like what we find.

>> More...

ACROS Penetration

In a simulation of a real "Advanced Persistent Threat" attack against your information system, we become your friendly attacker and try to penetrate into the most critical parts of your networks, databases, services and applications in a controlled and managed fashion.

A test like this is the only way to see how well you're really prepared for a targeted attack.

>> More...


We help you reach informed security-related decisions in application development, when setting up online services and protecting your IT infrastructure.

>> More...



"We routinely engage ACROS Security when we need a security review of our most popular products."

(CSO at global software vendor with multi-billion revenue)

"We've been leveraging ACROS to perform pentests on most of our acquisitions and we've been very happy with their services."

(Project contact at leading global online company with hundreds of millions of registered users)

>> More...


It has always been our strategy not to specialize in any particular technology. We're constantly surprising our customers with security defects in desktop or mobile applications, on any operating system, in office devices, network equipment and appliances, complex web applications and online banking systems, anywhere from smartcard applets and web applications to virtualization engines and language interpreters.

>> More...

Acknowledgments &

Many of the world's largest software vendors have fixed vulnerabilities we reported to them and thanked us for helping them keep their users secure.

>> More...

About ACROS Security

ACROS Security is specialized in providing advanced security analyses of products and systems. Our in-depth security research pushes the boundaries of global knowledge, keeps our customers ahead of competitors and users safe from attackers.

We work for leading financial institutions, software vendors, online service providers, cloud providers, virtualization solutions providers and others who consider security of their products, information and services critical.

>> More...

Follow Acros Security on Twitter
...for updates on our security research.

ACROS in the Media (highlights)

Bleeping Computer, "Windows Zero-Day PoC Lets You Read Any File with System Level Access"

Threatpost, "Windows ‘Deletebug’ Zero-Day Allows Privilege Escalation, Destruction"

ZDNet, "Microsoft Windows zero-day disclosed on Twitter, again"

CSO, "Microsoft patch for JET flaw zero-day is ‘incomplete,’ Windows still vulnerable"

Threatpost, "Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm"

SecurityWeek, "Third-Party Patch Available for Microsoft JET Database Zero-Day"

The Register, "Microsoft's Jet crash: Zero-day flaw drops after deadline passes"

Forbes, "Windows 0-Day ALPC Bug Exploit Patched By Third Party Ahead Of Microsoft's Official Update"

Softpedia, "Emergency Fix for Windows 10 Task Scheduler Vulnerability Released by 0patch"

>> More media references...


A new 0patch Agent is released

0patch blog: Patching, Re-Patching and Meta-Patching the Jet Database Engine RCE (CVE-2018-8423)

0patch blog: Outrunning Attackers On The Jet Database Engine 0day (CVE-2018-8423)

0patch blog: How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-2018-8440)

0patch blog: 0patching Foxit Reader Buffer... Oops... Integer Overflow (CVE-2017-17557)

0patch blog: Windows Updates Broke Your Networking? Free Micropatches To The Rescue (CVE-2018-8174)

Security Patching is Hard - Survey Results 2017

0patch blog: Two Interesting Micropatches For 7-Zip (CVE-2017-17969 and CVE-2018-5996)

0patch blog: Micropatching Brings The Abandoned Equation Editor Back To Life

ACROS presented "We're micropatching 0days and so can you" at the InfoSek Conference 2017. Slides are here

>> More news...


0patch is a platform for instantly distributing, applying and removing microscopic binary patches to/from running processes without having to restart these processes (much less reboot the entire computer). Brought to you by ACROS Security.