Microsoft may tout Internet Explorer as very secure code, but it was the second browser to fall at the annual hacker competition which is designed to test resistance of internet software to real world attacks.
Arstechnica have published a story detailing the fail for Microsoft. Attackers were able to take complete control of the laptop running the browser by exploiting two previously unknown vulnerabilities in V9 running on Windows 7 SP1. They had to target multiple vulnerabilities in tandem to penetrate protection that developers have included in the last few years.
Arstechnica add “Chief among the protections is what’s known as a security sandbox. This funnels web content into a highly restricted perimeter condoned off from operating-system functions that carry out sensitive actions (such as modifying registry settings). The team from France-based Vupen Security was able to penetrate Chrome’s sandbox on Wednesday. CEO Chaouki Bekrar said his group had enough zero-day attacks on hand to compromise all browsers subject to the Pwn2Own contest. In addition to IE and Chrome, the group included Apple, Safari, and Mozilla Firefox.
“What we want to show is there is no 100-percent security,” he told Ars moments after unleashing code that remotely caused a high-end Asus laptop to open a calculator program. “So even if you have a fully updated system, you can still get your system compromised.
In Thursday’s attack, the Vupen team used a heap overflow to bypass DEP and ASLR so they could run shell code in what’s known as the low integrity level of the operating system. They combined stage one of their code with a separate attack that exploited a memory corruption vulnerability. That allowed a stage-two payload to break out of the sandbox. Bekrar said the attack surface exploited was “100-percent IE code” and it didn’t involve any kernel code or third-party plugins. By contrast, he said, his team’s attack that pierced Chrome’s sandbox on Wednesday exploited code that’s available in the “default installation” of the Google browser.”
Kitguru says: Do you feel safe now?