Security researchers have compromised Microsoft Surface Pro, Nexus 4 and Samsung Galaxy S4 devices by exploiting previously unknown vulnerabilities in Internet Explorer 11 running on Windows 8.1 and Google Chrome running on Android.
The exploits were demonstrated during the Mobile Pwn2Own hacking contest that ran Wednesday and Thursday at the PacSec Applied Security Conference in Tokyo.
Researchers Abdul Aziz Hariri and Matt Molinyawe from Hewlett-Packard’s Zero Day Initiative (ZDI) team, which organized the contest, on a Microsoft Surface Pro device running Windows 8.1. The demonstration had an educational purpose and was not part of the actual competition.
“Exploiting a bug in IE is difficult in general because of the protections and security controls they’ve implemented,” Hariri said. The vulnerability was exploited twice in order to leak a memory address and then gain remote code execution, “which gave us full control over the whole machine,” he said.
To read this article in full or to leave a comment, please click here


More...