Accuvant Labs Shares Java Vulnerability Details from Pwn2Own

Accuvant Labs has published details concerning a Java vulnerability exploited during the Pwn2Own contest earlier this year. The flaw was patched in April by Oracle, but for the curious, the security firm is providing additional details, including the exact code used by Joshua J. Drake.

In March, Accuvant Labs’ Joshua Drake did what he does best, and exploited memory corruption vulnerabilities within the Java platform. According to the company, Drake spends a good deal of time working on these types of flaws, so it was no surprise that he singled one out during the Pwn2Own contest. The attack used was an untrusted Java Applet delivered to an instance of the IE10 Web browser.

“Thankfully, Oracle took steps to reduce the attack surface of JRE 7 in Update 11. In this release they implemented a “click-to-play” style dialog box preventing untrusted Applets from running without user interaction,” a report on the exploit mentions, taking note of Oracle’s fix for the issue.

“This brings the level of interaction required for untrusted Applets in line with those for self-signed or CA signed Applets. Since user interaction is now required, users have the chance to avoid executing potentially malicious Applets. Further, receiving an unexpected dialog box requesting a Java applet should raise suspicions since very few legitimate sites use Java.”

The noteworthy feat, however, was that Drake used his freshly created exploit to compromise the vulnerable system within 15 seconds, bypassing both ASLR and DEP protections.

“Profit-motivated criminals continue to increase their usage of web browser exploitation and vulnerable plug-in technology to steal important enterprise-level data and cause damage in various ways. Joshua’s Java exploit exemplifies the type of information security research our dedicated team of experts conducts on a daily basis,” said Jon Miller, vice president of research and development for Accuvant.

For cracking Windows 8 by exploiting Java on Internet Explorer 10, Drake walked away with $100,000 per Pwn2Own rules. The full details, contained in a report on the vulnerability and subsequent exploit, can be found here. Further, a copy of the exploit used during Pwn2Own is also available.
