Into The Explorer vulnerability has allowed us to gain control of the machine and has now been reported to Microsoft. A researcher with the pseudonym of Pinkie Pie has compromised a Nexus 4 and a Samsung Galaxy S4 exploiting vulnerabilities in Chrome, since this is a complex process run inside a sandbox (a mechanism that separates the processes of the browser from the operating system). Pinkie Pie had already in 2012 identified two vulnerabilities in Chrome, Google Pwnium during the event. For the new vulnerability has been exploited technically the occurrence of an overflow in the integer operations and a flaw in the sandbox, a mechanism that has allowed him to win $ 50,000 up for grabs. Pinkie Pie has secured the victory showing the vulnerability of a Nexus 4 but for demonstration purposes has also demonstrated the feasibility of a Samsung Galaxy S4.
Into The potential attacks are creating web pages prepared ad hoc, specific links by sending e-mail, SMS or by attracting the potential victim with links on web sites. When the user clicks on a malicious link from Chrome, the attack is accomplished without the need for the user to interact in some way, allowing the execution of arbitrary code within the operating system. Ache this new vulnerability was reported to Google. Into A team of researchers at Japan’s Mitsui Bussan Secure Directions hacked a Galaxy S4 modifying unspecified applications pre-installed in the device by the manufacturer. Chinese researchers have attacked two iPhone 5 with iOS 7.0.3 and iOS 6.1.4, exploiting vulnerabilities in Safari. The Japanese team won $ 40,000 because their attack has allowed us to completely control device, the Chinese team took home a lower figure: $ 27,500 since the attack made it impossible to fully control the device but anyway allowed to recover data, browser cookies, photos and contacts.
No comments:
Post a Comment