Security Makers Use Adobe Avoiding Attacks on Windows PCs

Recent examples show that researchers failed and have serious issues by making sure the security of Internet Explorer from the attackers. The latest versions of IE seemed to be vulnerable because the attackers demonstrated they can make and use a hole for their own malicious interests.

For that reason researchers tried to use the weakness in Adobe Systems' Flash Player and created two separate attacks that bypass mitigation Microsoft put into IE 7 and 8. Called as ASLR, or address space layout randomization, and DEP, or data execution prevention, the technologies are devised to make troubles for bugs by causing the execution of malicious code.

The main goal of those techniques is to use the so called just-in-time compiler in Flash so that a PC's memory would be blanketed with many chunks of identical shell-code. The "JIT-spray" lets attackers to overcome ASLR.

"With this JIT-spray, it works fairly reliably, so at least nine out of 10 times you'll guess the right position," said researcher Dionysus Blazakis at the Black Hat security conference in Washington, DC.

An attempts to attack IE 8 was quite useless because ASLR and DEP was some of the only defenses preventing crucial exploits of bugs overflow in software running on Windows computers.

With a help by JIT-spraying, Blazakis was able to avoid a cause IE 8 to open the Windows calculator. It was an argument that he could use Adobe bug to kill code by himself.

What is more, it is not the first time attackers trying to threat for Microsoft software by making an attempt to bypass the memory protections. After a so called heap spraying technique was on the board Microsoft added protections to thwart it in IE 8. This time it is not clear at all that Microsoft will be able to avoid the newfangled attacks so easily.

More Vulnerabilities news

Adobe Reader PDF patches the flaw disclosed at Black Hat

As the hole in an Adobe’s Reader was disclosed at the conference of Black Hat security conference, Adobe patched the flaw at last. Today Adobe released security update to patch the hole. At July's Black Hat event in Las Vegas, Charlie Miller found out about the vulnerability where he told about how the open-source BitBlaze toolkit could boost bug-hunting productivity. He also added that the bug was in Reader's and Acrobat's font parsing. Read more.

• iPhone OS is not bulletproof
• All your base are belong to us: how to protect your router from DNS rebinding
• Same Skype Vulnerability is Used Again
• Competition Among Browsers: Keep the System Secure
• Apple Released Safari Update
• A Bug Found in OpenSSL
• Google Engineer Disclosed Window's DEP Flaw
• Be Careful With F1!
• Top 10 TLDs Used by Botnets For CnC
• Mistakes to Avoid on Social Networks

News categories

• Malware
• Spam and email
• Phishing
• Vulnerabilities
• Computer Security
• Security basics
• Rogue Antispyware

Latest news

• Remove MegaVaccine, MegaVaccine removal
• Remove White Shark Virus, White Shark Virus removal
• Remove Win7 AV, Win7 AV removal
• Remove AV Defender 2011 Platinum, AV Defender 2011 Platinum removal
• Hack is Wack: Symantec and Snoop Dogg teamed up to launch a cybercrime rap contest
• Chinese scammers imitated legitimate ad companies
• Remove VideoCop, VideoCop removal
• Remove My Security Suite, My Security Suite removal
• Remove AV Security Suite Platinum, AV Security Suite Platinum removal
• Remove SpyDefender 2010, SpyDefender 2010 removal

Antispyware Software

• Spyware Doctor
  • Rating
    
    Download Read review
    Spyware Doctor is one of the most reputable security programs and it’s one of the most often recommended anti-spyware tools. It's known for quick and effective scanning methods.
    
    
• VIPRE Antivirus + Antispyware
  • Rating
    
    Download Read review
    VIPRE combines antivirus, antispyware, anti-rootkit and other technologies into a seamless, tightly-integrated product.
    
    
• Spy Sweeper
  • Rating
    
    Download Read review
    Spy Sweeper is popular and powerful antispyware tool. It is the only one security product awarded as PC Magazine’s Editor’s Choice for 8 times.
    
    
• Trend Micro AntiVirus plus AntiSpyware
  • Rating
    
    Download Read review
    Trend Micro AntiVirus + AntiSpyware is the essential security you need so you can email and share files with confidence.
    
    
• Malwarebytes Anti-Malware
  • Rating
    
    Download Read review
    Malwarebytes Anti-Malware can detect and remove malware that other anti-virus and spyware programs generally miss, including rogue security software, although it is not effective against rootkits or viruses.
    
    
• Kaspersky Anti-Virus 2010
  • Rating
    
    Download Read review
    Kaspersky Anti-Virus 2010 is one of the optimal choices for protecting a computer from viruses and other threats. It offers multiple functions for cleaning a system and keeping it safe. Although it costs more than average anti-virus kit, Kaspersky Anti-Virus is often rated better than similar tools by users even when free virus removers are also in the assortment.
    
    

Subscribe

Latest threats

• MegaVaccine
• White Shark Virus
• Win7 AV
• AV Defender 2011 Platinum
• VideoCop
• My Security Suite
• AV Security Suite Platinum
• SpyDefender 2010
• DiskClean
• Green Shield Antivirus
• AdCare
• AWM Antivirus
• AVDefender 2011
• Fake Microsoft Security Essentials Alert
• AntiSpy Safeguard
• Major Defense Kit
• Pest Detector 4.1
• AV Checker
• Data Security Solution
• Peak Protection 2010