Displaying items by tag: ZeroDay

Google’s previously unassailable Chrome web browser has now been hacked three times in only two days. The first two we have already told you about in a previous article. Vupen a French research company found a 0-day exploit that allowed them to jump out of Google’s Sand Box and then another that allowed them to execute arbitrary code on the OS that Chrome was installed on (in this case Windows). Vupen did this as part of the Pwn2Own competition held every year.

Although not incredibly big news it looks like Microsoft’s Internet Explorer 9 has fallen to exploits on Thursday during the Pwn2Own competition. Once again it was Vupen that managed the exploit. Interestingly enough as with Chrome it took two separate attacks to get past the security in place for IE 9. One is something that has been present in every version of Internet Explorer since IE6 and the other is a non-disclosed 0-day exploit to get past the protected mode available in IE.

A new Zero-Day flaw has been found in Microsoft’s Windows 7 OS, but it only applies to a very limited set of circumstances. In this case the system in question needs to be running the 64-bit version of the OS and have Apple’s Safari Browser installed. This combination is probably fairly common as Apple pushes Safari at you with any download of iTunes or QuickTime.

At Defcon 19 in Las Vegas this year the annual security show launched a new event. Called Defcon Kids the even features young “hackers” that have uncovered exploits, vulnerabilities and other security related items. One of the first to speak this year is a 10-Year Old Girl from California who found an exploit in some mobile games.

The girl, who goes by the alias CyFi (and who is a Girl Scout as well) found the new exploit because she did not want to wait for certain in-game items to complete in a farming game that she plays. To get around this boring wait she simply moved time along. When she did this it opened up the exploit. Independent researchers have verified her findings, but will not list the games that are affected by this (no will CyFi giving the authors a chance to fix things).

CyFi also said that while many games have cheat prevention systems she found that most can be circumvented with a few simple techniques. The Exploit affects both iOS and Android operating systems and illustrates how developers and security experts alike can miss something simple while overthinking their protections and applications.


Source and Image Cnet

Discuss thus on our Forum