A new Zero-Day exploit for Internet Explorer was released on Saturday by FireEye Research Labs. At its core the new exploit takes advantage of a known Flash technique that can be used to access memory. Memory is then corrupted in a way that completely bypasses the built in Microsoft Window’s protection. This then gains the attacker full control which allows the attacker to run his own maliciously crafted code on the victims machine. Internet Explorer versions 6-11 are all currently vulnerable to attack. Details of the exploit can be found here: http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html.
Since the vulnerability relies on corrupting memory through Flash, an easy mitigation technique is to simply disable Flash. In addition if you are using different browsers, such as Firefox or WhiteHat’s Aviator, you will not be affected. There have already been known attacks exploiting the new IE vulnerability so users are encouraged to take immediate action to mitigate their risk.
For users interested in an alternative browser to Internet Explorer, WhiteHat Aviator is now available for Windows users and can be downloaded here:https://www.whitehatsec.com/aviator/.
'Security_News > 해외보안소식' 카테고리의 다른 글
| 신분도용 43%가 의료정보 도용으로 조사되었다 (0) | 2014.05.06 |
|---|---|
| 미리 대비하는 사이버 공격··· 4가지 전략 원칙 (0) | 2014.05.05 |
| SHMOOCON 2014: THE "SCIENCE OF CYBER" AND THE NEXT GENERATION OF SECURITY TOOLS (0) | 2014.05.05 |
| EXECUTIVE CYBER INTELLIGENCE REPORT: MAY 5, 2014 (0) | 2014.05.05 |
| 안드로이드 6가지 신규 취약점 (0) | 2014.05.05 |