IE 9 hacked at Pwn2Own, Google patches Chrome bugs
Posted on 09 March 2012.
After the success they had with attacking Google's Chrome browser, the team of vulnerability researchers from French firm VUPEN has also managed to hack Microsoft's Internet Explorer 9 on a fully patched Windows 7 SP1 machine.

They managed to bypass the browser's DEP and ASLR protection with a 0-day heap overflow vulnerability, and then used a separate memory corruption bug to break out of its Protected Mode, which is effectively a sandbox.

According to VUPEN founder Chaouki Bekrar, these particular flows have existed in previous incarnations of the browser - all the way back to IE 6 - and will very likely work on the upcoming IE 10.

He said it took two of their researchers six weeks of full-time work to develop and exploit for the browser. "When you have to combine many vulnerabilities and bypass all these protections, it takes a longer time," he commented.

According to ZDNet, he also said that the memory corruption bug they used is only one of the many vulnerabilities they found that can be used to break out of IE's Protected Mode, but also admitted that the new IE 10 will be much harder to break into, as Microsoft has added new protection mechanisms.

If the VUPEN team wins the contest, Microsoft will get its hands only on the information regarding the heap overflow bug. "We will keep the Protected Mode bypass private for our customers, said Bekrar.

So far, the team is definitely at an advantage, but nothing is settled yet as Vincenzo Iozzo and Willem Pinckaers, two former PWN2Own winners, have entered the arena.

In the meantime, it has been confirmed that security researcher Sergey Glazunov will be receiving the $60,000 prize he earned yesterday at the Google-sponsored Pwnium contest.

The bugs he used to bypass Chrome's sandbox have already been patched by Google by pushing out a new version of the browser that includes a fix.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //