Security researchers have compromised Microsoft Surface RT, Nexus 4 and Samsung Galaxy S4 devices by exploiting previously unknown vulnerabilities in Internet Explorer 11 running on Windows 8.1 and Google Chrome running on Android.
The exploits were demonstrated during the Mobile Pwn2Own hacking contest that ran Wednesday and Thursday at the PacSec Applied Security Conference in Tokyo.
Researchers Abdul Aziz Hariri and Matt Molinyawe from Hewlett-Packard's Zero Day Initiative (ZDI) team, which organized the contest, on a Microsoft Surface RT device running Windows 8.1.
"Exploiting a bug in IE is difficult in general because of the protections and security controls they've implemented," Hariri said. The vulnerability was exploited twice in order to leak a memory address and then gain remote code execution, "which gave us full control over the whole machine," he said.
To read this article in full or to leave a comment, please click here


More...