Wednesday, March 24, 2010

Hackers Go Four-for-Four As Firefox 3 on Windows 7 Falls at Pwn2Own

I see a reoccurring theme here, all four teams that have competed at this years Pwn2Own contest have successfully exploited their targets and compromised the machines at hand. This time it was a Windows 7 equipped machine running Firefox 3.

@TheZDI Nils from MWR InfoSecurity (@MWRLabs) succeeded against Firefox on Windows 7 with the quintessential calc.exe launching payload.

As with most of the hacks there aren't many details given out as to how they were accomplished. Its really not surprising me that most have fallen but what is surprising me is the rate at which they are being exploited. In most cases it has taken less than 30mins. Now keep in mind most of these target hacks are exploiting third party software and not the OS itself, but it's still a bit unnerving.

Update: Via Threat Post

A 26year old German hacker known simply as "Nils" exploited a previously unknown vulnerability in Mozilla Firefox to take complete control of a 64-bit Windows 7 machine. "Nils" who heads up the security research team at U.K.-based MWR InfoSecurity, used several tricks to bypass Address Space Layout Randomization (ALSR) and Data Execution Prevention (DEP) to get his drive-by download to load an executable on the target machine.

ASLR+DEP are held up as significant roadblocks to thwart malware attacks on the newest versions of Windows but, as this contest shows, skilled hackers with enough motivation and resources can bypass those mitigations easily.

Nils said Mozilla can do a better job of opting into ASLR on Windows, a clear hint that implementation errors make it easy to bypass the Windows defenses.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you