SecurityWeek

Accuvant Labs Shares Java Vulnerability Details from Pwn2Own

Accuvant Labs has published details concerning a Java vulnerability exploited during the Pwn2Own contest earlier this year. The flaw was patched in April by Oracle, but for the curious, the security firm is providing additional details, including the exact code used by Joshua J. Drake.

In March, Accuvant Labs’ Joshua Drake did what he does best and exploited memory corruption vulnerabilities within the Java platform. According to the company, Drake spends a good deal of time working on these types of flaws, so it was no surprise that he singled one out during the Pwn2Own contest. The attack used an untrusted Java applet delivered to an instance of the IE10 web browser.

“Thankfully, Oracle took steps to reduce the attack surface of JRE 7 in Update 11. In this release they implemented a ‘click-to-play’ style dialog box preventing untrusted Applets from running without user interaction,” a report on the exploit mentions, taking note of Oracle’s fix for the issue.

“This brings the level of interaction required for untrusted Applets in line with those for self-signed or CA signed Applets. Since user interaction is now required, users have the chance to avoid executing potentially malicious Applets. Further, receiving an unexpected dialog box requesting a Java applet should raise suspicions since very few legitimate sites use Java.”

The noteworthy feat, however, was that Drake used his freshly created exploit to compromise the vulnerable system, bypassing both ASLR and DEP protections, within 15 seconds.

“Profit-motivated criminals continue to increase their usage of web browser exploitation and vulnerable plug-in technology to steal important enterprise-level data and cause damage in various ways. Joshua’s Java exploit exemplifies the type of information security research our dedicated team of experts conducts on a daily basis,” said Jon Miller, vice president of research and development for Accuvant.

For cracking Windows 8 by exploiting Java on Internet Explorer 10, Drake walked away with $100,000 per Pwn2Own rules. The full details, contained in a report on the vulnerability and subsequent exploit, can be found here. Further, a copy of the exploit used during Pwn2Own is also available.
