Accuvant Labs has published details of a Java vulnerability exploited during the Pwn2Own contest earlier this year. Oracle patched the flaw in April, but for the curious, the security firm is now providing the full write-up, including the exact exploit code used by Joshua J. Drake.
In March, Accuvant Labs’ Joshua Drake did what he does best and exploited a memory corruption vulnerability in the Java platform. According to the company, Drake spends a good deal of time working on this class of flaw, so it was no surprise that he singled one out for the Pwn2Own contest. The attack vector was an untrusted (unsigned) Java applet delivered to an instance of the Internet Explorer 10 browser.
“Thankfully, Oracle took steps to reduce the attack surface of JRE 7 in Update 11. In this release they implemented a “click-to-play” style dialog box preventing untrusted Applets from running without user interaction,” the Accuvant report notes, describing a mitigation Oracle shipped in January, before the contest, rather than the April patch for the bug itself.
“This brings the level of interaction required for untrusted Applets in line with those for self-signed or CA signed Applets. Since user interaction is now required, users have the chance to avoid executing potentially malicious Applets. Further, receiving an unexpected dialog box requesting a Java applet should raise suspicions since very few legitimate sites use Java.”
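The click-to-play behaviour quoted above is governed by the JRE’s deployment settings, and an enterprise does not have to rely on the default. The fragment below is an added illustration, not code from Accuvant’s report or from Oracle, showing a system-wide JRE 7 configuration that enforces the hardened security level and locks it so users cannot lower it from the Java Control Panel. The property names are Oracle’s documented deployment.config / deployment.properties keys; the Windows file path and the choice of VERY_HIGH over HIGH are assumptions for the example.

```properties
# --- deployment.config (system level; path is an assumption for this
#     example, the documented Windows location being
#     C:\Windows\Sun\Java\Deployment\deployment.config) ---
# Point every JRE on the host at one system-level deployment.properties and
# make it mandatory: if the file is missing or unreadable, Java refuses to
# start web content instead of silently falling back to weaker user settings.
deployment.system.config=file\:C\:/Windows/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true

# --- deployment.properties (the file referenced above) ---
# Weak setting: MEDIUM was the default before 7u11 and lets an untrusted
# applet run without the prompt described in the report.
# deployment.security.level=MEDIUM

# Hardened setting: HIGH is the 7u11 click-to-play level; VERY_HIGH is the
# strictest level offered. The exact behaviour of each level changed across
# JRE 7 updates, so check the release notes for the version actually deployed.
# The ".locked" line prevents a user from overriding the value from the Java
# Control Panel or from a per-user deployment.properties.
deployment.security.level=VERY_HIGH
deployment.security.level.locked

# Where Java in the browser is not needed at all, remove the attack surface
# entirely (7u10 and later): this disables the browser plug-in while leaving
# the JRE usable by desktop applications.
deployment.webjava.enabled=false
deployment.webjava.enabled.locked
```

A locked security level only raises the bar for unsigned applets; it does not fix the memory corruption bug, which still required the April patch. For hosts that never need browser Java, the last two lines are the more reliable control.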
The noteworthy feat, however, was that Drake’s freshly written exploit compromised the target system, bypassing both ASLR and DEP, within 15 seconds.
“Profit-motivated criminals continue to increase their usage of web browser exploitation and vulnerable plug-in technology to steal important enterprise-level data and cause damage in various ways. Joshua’s Java exploit exemplifies the type of information security research our dedicated team of experts conducts on a daily basis,” said Jon Miller, vice president of research and development for Accuvant.
For compromising Windows 8 by exploiting Java in Internet Explorer 10, Drake was awarded $100,000 under the Pwn2Own rules. The full details are contained in Accuvant’s report on the vulnerability and the subsequent exploit, and a copy of the exploit used during Pwn2Own is also available.
