Finding vulnerabilities and how to exploit them to run malware in closed source code is nigh on impossible. Anyone can read open source code.
What is possible is to analyze patches to figure out what was fixed and then to attack those that didn't apply the patches. Even easier is old releases. Patches often have more than one fix, but a patch for an old release is almost guaranteed to be a fix for a single vulnerability. That makes it easier to analyze. Regards, Jakob.
