Wednesday, March 25, 2015

‘Pwn2Own 2015′: all browsers have fallen – ZDNet France

The hackers have once again brought down web browsers. The 2015 edition of the CanSecWest,
 the international conference on computer security held each
 year in Vancouver (Canada) has indeed seen unfold the now traditional contest
 Pwn2Own hacking.

Security experts clashed over
 several challenges to exploit vulnerabilities they had discovered
 on major web browsers (latest known versions), Windows, and Adobe Reader and
 Flash.

Bottom line, no tortured browsers has resisted 4 vulnerabilities discovered and exploited on Internet Explorer 11, 3 of Mozilla Firefox, 2 on Apple’s Safari and Google Chrome 1.

Note that one of these experts, Junghoon Lee aka lokihardt, won
 nearly half of the distributed earnings ($ 225,000) exposing 3 bugs
 Internet Explorer, Safari and Chrome. The unearthed vulnerability in the browser
 Google earned him a bonus of $ 10,000 because it applies to a
 beta version of Chrome and its exploitation permit system access.
 

The exposure of these new vulnerabilities and exploits thus compel publishers of these browsers to patch as soon as their products. Mozilla and Google seem to be the most reactive with the launch. Mozilla has pushed two successive updates (36.0.3 and 36.0.4).

A flaws hitting the red panda possible to obtain elevated privileges via a SVG (vector image) trapped. Another possible to write to memory and execute arbitrary code locally.

Google has meanwhile released the Chrome version 41.0.2272.101. The detail of the patch is not known but it fills probably the only flaw discovered and exploited in the competition

> See also our page
Key figures: the global market for Internet browsers

LikeTweet

No comments:

Post a Comment