The hackers have once again brought down web browsers. The 2015 edition of the CanSecWest,
the international conference on computer security held each
year in Vancouver (Canada) has indeed seen unfold the now traditional contest
Pwn2Own hacking.
Security experts clashed over
several challenges to exploit vulnerabilities they had discovered
on major web browsers (latest known versions), Windows, and Adobe Reader and
Flash.
Note that one of these experts, Junghoon Lee aka lokihardt, won
nearly half of the distributed earnings ($ 225,000) exposing 3 bugs
Internet Explorer, Safari and Chrome. The unearthed vulnerability in the browser
Google earned him a bonus of $ 10,000 because it applies to a
beta version of Chrome and its exploitation permit system access.
The exposure of these new vulnerabilities and exploits thus compel publishers of these browsers to patch as soon as their products. Mozilla and Google seem to be the most reactive with the launch. Mozilla has pushed two successive updates (36.0.3 and 36.0.4).
A flaws hitting the red panda possible to obtain elevated privileges via a SVG (vector image) trapped. Another possible to write to memory and execute arbitrary code locally.
Google has meanwhile released the Chrome version 41.0.2272.101. The detail of the patch is not known but it fills probably the only flaw discovered and exploited in the competition
Key figures: the global market for Internet browsers
No comments:
Post a Comment