Tag: 贵族宝贝Wrae

Windows 8 and IE10 successfully exploited by VUPEN

first_imgIt may only have hit retail shelves a few days ago, but Windows 8 has been in the hands of developers and early adopters since September of last year. That’s given security researchers plenty of time to poke around at the new operating system and find ways to poke holes in its greatly-improved defenses, and that’s precisely what VUPEN claims to have done.According to a tweet posted by CEO Chaouki Bekrar, multiple undisclosed flaws were chained together by his co-worker Nicolas Joly in order to successfully exploit Windows 8 and Internet Explorer 10. It seems probable that VUPEN’s team laid the groundwork for this hack way back at Pwn2Own 2012, where it manhandled IE9 on Windows 8. At that time, VUPEN said that same attack could be used against IE10, too, and that the vulnerabilities that were exploited were discovered months before the Windows 8 Developer Preview was released.So how is it possible that these flaws still exist more than a year later? For starters, VUPEN is in the business of selling exploits. Unlike the folks you see racking up nice paydays from Google by helping to squash Chromium bugs, VUPEN makes money by selling exploit details to corporate types. That allows the purchaser to get a head start on the competition and bolster defenses — and obviously has the added benefit of revealing holes in an opponent’s perimeter that could be used to infiltrate its systems.Part of the problem here is that groups like VUPEN can sometimes make more money this way than they can by disclosing threats to Microsoft, Google, or Mozilla. Until that changes, there will always be times when vulnerabilities like this surface and the general public is left wondering when a patch will be delivered. The only reassuring bit here is that the people who pay for information like this aren’t that interested in what you do with your home computer — they’re focused on the corporate world.More at TNWlast_img read more