![]() using more JavaScript) before the “use” part of the use-after-free takes place. using JavaScript), that tricks Windows into reallocating those memory blocks quickly, so they can be modified from inside the browser (e.g. Imagine that an attacker can come up with a sequence of operations, triggered from inside the browser (e.g. This means that Internet Explorer continues to use blocks of memory after they have been freed (returned to the operating system’s memory pool), and therefore after they may already have been reallocated and modified. You can read more about the Fix it in a well-worth-reading blog post from Microsoft’s Secure Windows Initiative team.ĬVE-2013-1347 is what’s known as a use-after-free bug. The good news is that Microsoft had just published an emergency patch, known as a Fix it, that is simple to apply, easy to reverse if it causes any problems, and (so Redmond says) knocks the vulnerability on the head. The vulnerability that was exploited in the drive-by turned out to an unpatched bug (what’s known as a zero-day or 0-day) in Internet Explorer 8, and was soon labelled CVE-2013-1347. ![]() Remember the US Department of Labor hack we wrote about at the beginning of the month?Ī microsite off the main web page was compromised and used to serve up a drive-by download cocktail that aimed to infect your computer surreptitiously. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |