Internet Explorer 11 and Chrome Hacked At Mobile Pwn2Own
Security researchers have managed to hack Internet Explorer 11 running on Windows 8.1 and Google Chrome running on Android.
The exploits were demonstrated during the Mobile Pwn2Own hacking contest that ran Wednesday and Thursday at the PacSec Applied Security Conference in Tokyo.
Researchers Abdul Aziz Hariri and Matt Molinyawe from Hewlett-Packard?s Zero Day Initiative (ZDI) team demonstrated an Internet Explorer 11 exploit on a Microsoft Surface RT device running Windows 8.1.
The vulnerability was reported to Microsoft.
Another researcher compromised Nexus 4 and Samsung Galaxy S4 devices by exploiting a vulnerability in Chrome, despite the application sandbox that separates the browser?s processes from the operating system.
The potential victim clicked on a link to a specifically designed Web page. Once the malicious page is opened in Chrome, the attack executes in the background and allows arbitrary code execution on the operating system.
The researcher was awarded with US$50,000 - $10,000 more than the $40,000 standard prize, offered by the Google Chrome Security Team.
Of course, the issues were reported to Google so they can be fixed.
Japanese researchers at the Mitsui Bussan Secure Directions hacked into a Samsung Galaxy S4 device by exploiting vulnerabilities in applications pre-installed on the device by the manufacturer.
Chinese researchers also hacked into two iPhone 5 devices running iOS 7.0.3 and iOS 6.1.4 respectively by exploiting vulnerabilities in Safari.
Researchers Abdul Aziz Hariri and Matt Molinyawe from Hewlett-Packard?s Zero Day Initiative (ZDI) team demonstrated an Internet Explorer 11 exploit on a Microsoft Surface RT device running Windows 8.1.
The vulnerability was reported to Microsoft.
Another researcher compromised Nexus 4 and Samsung Galaxy S4 devices by exploiting a vulnerability in Chrome, despite the application sandbox that separates the browser?s processes from the operating system.
The potential victim clicked on a link to a specifically designed Web page. Once the malicious page is opened in Chrome, the attack executes in the background and allows arbitrary code execution on the operating system.
The researcher was awarded with US$50,000 - $10,000 more than the $40,000 standard prize, offered by the Google Chrome Security Team.
Of course, the issues were reported to Google so they can be fixed.
Japanese researchers at the Mitsui Bussan Secure Directions hacked into a Samsung Galaxy S4 device by exploiting vulnerabilities in applications pre-installed on the device by the manufacturer.
Chinese researchers also hacked into two iPhone 5 devices running iOS 7.0.3 and iOS 6.1.4 respectively by exploiting vulnerabilities in Safari.