Internet Explorer, along with Firefox and Safari become one of the handful of applications that were hacked on the first day of the 2014 edition of the hacking competition, Pwn2Own.
Security researchers from the French research firm VUPEN managed to bypass the sandbox and break into Microsoft’s web browser after they found a use-after-free issue that causes object confusion in the broker. This was exploited it to execute arbitrary code.
In the process they managed to net a cool $300,000.
Impressively, most of the contestants managed to demonstrate their skills within 5 minutes — despite the fact that they had a full 30 minute time frame to do it. Once the exploits were demonstrated, they retired to the disclosure room to present the details to the software vendors.
This, obviously, is one of the main conditions of this competition.
The first day of Pwn2Own 2014 got even more epic, after a few of the researchers even donated their wins to charity organizations across the globe, including the Canadian Red Cross.
Along with Internet Explorer 11 on Windows 8.1, Firefox and Safari, security vulnerabilities were also found in Adobe Flash and Reader. What remains to be seen is whether anyone can break into Chrome in what will be the second (and last) day of the competition, tomorrow.
Plus, we can now expect all these security holes fixed in future patches for these software.
No comments:
Post a Comment