Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Accuvant Labs Shares Java Vulnerability Details from Pwn2Own

Accuvant Labs has published details concerning a Java vulnerability exploited during the Pwn2Own contest earlier this year. The flaw was patched in April by Oracle, but for the curious, the security firm is providing additional details, including the exact code used by Joshua J. Drake.

Accuvant Labs has published details concerning a Java vulnerability exploited during the Pwn2Own contest earlier this year. The flaw was patched in April by Oracle, but for the curious, the security firm is providing additional details, including the exact code used by Joshua J. Drake.

In March, Accuvant Labs’ Joshua Drake did what he does best, and exploited memory corruption vulnerabilities within the Java platform. According to the company, Drake spends a good deal of time working on these types of flaws, so it was no surprise that he singled one out during the Pwn2Own contest. The attack used was an untrusted Java Applet delivered to an instance of the IE10 Web browser.

“Thankfully, Oracle took steps to reduce the attack surface of JRE 7 in Update 11. In this release they implemented a “click-to-play” style dialog box preventing untrusted Applets from running without user interaction,” a report on the exploit mentions, taking note of Oracle’s fix for the issue.

“This brings the level of interaction required for untrusted Applets in line with those for self-signed or CA signed Applets. Since user interaction is now required, users have the chance to avoid executing potentially malicious Applets. Further, receiving an unexpected dialog box requesting a Java applet should raise suspicions since very few legitimate sites use Java.”

The noteworthy feat however, was the fact that Drake used his freshly created exploit to compromise the vulnerable system – bypassing both ASLR and DEP protections, within 15 seconds.

“Profit-motivated criminals continue to increase their usage of web browser exploitation and vulnerable plug-in technology to steal important enterprise-level data and cause damage in various ways. Joshua’s Java exploit exemplifies the type of information security research our dedicated team of experts conducts on a daily basis,” said Jon Miller, vice president of research and development for Accuvant.

Advertisement. Scroll to continue reading.

For cracking Windows 8 by exploiting Java on Internet Explorer 10, Drake walked away with $100,000 per Pwn2Own rules. The full details, contained in a report on the vulnerability and subsequent exploit can be found here. Further, a copy of the exploit used during Pwn2Own is also available.  

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.