Security Makers Use Adobe Avoiding Attacks on Windows PCs

Recent examples show that researchers failed and have serious issues by making sure the security of Internet Explorer from the attackers. The latest versions of IE seemed to be vulnerable because the attackers demonstrated they can make and use a hole for their own malicious interests.

For that reason researchers tried to use the weakness in Adobe Systems' Flash Player and created two separate attacks that bypass mitigation Microsoft put into IE 7 and 8. Called as ASLR, or address space layout randomization, and DEP, or data execution prevention, the technologies are devised to make troubles for bugs by causing the execution of malicious code.

The main goal of those techniques is to use the so called just-in-time compiler in Flash so that a PC's memory would be blanketed with many chunks of identical shell-code. The "JIT-spray" lets attackers to overcome ASLR.

"With this JIT-spray, it works fairly reliably, so at least nine out of 10 times you'll guess the right position," said researcher Dionysus Blazakis at the Black Hat security conference in Washington, DC.

An attempts to attack IE 8 was quite useless because ASLR and DEP was some of the only defenses preventing crucial exploits of bugs overflow in software running on Windows computers.

With a help by JIT-spraying, Blazakis was able to avoid a cause IE 8 to open the Windows calculator. It was an argument that he could use Adobe bug to kill code by himself.

What is more, it is not the first time attackers trying to threat for Microsoft software by making an attempt to bypass the memory protections. After a so called heap spraying technique was on the board Microsoft added protections to thwart it in IE 8. This time it is not clear at all that Microsoft will be able to avoid the newfangled attacks so easily.

More Vulnerabilities news

Firefox 9.0 and four critical flaws fixed

Firefox 9.0 comes with a faster JavaScript engine but the main thing it brings is fixes to four serious vulnerabilities that affect its earlier versions (except v3.6). The security hole could allow an attacker to execute malicious code on a machine using a specially arranged web page. Firefox 9.0 version fixed flaw that enabled the hackers to access out-of-bounds memory areas. Moreover, Firefox 9. Read more.

• Major flaw of Adobe Reader and Acrobat 9.x is patched
• Adobe Reader targeted again: Acrobat vulnerability
• From „White hat“ Charlie Miller was turned to „Black hat“
• Temporary remedy against Dugu
• Malware distribution tendencies 2011
• Mac OS X Lion flaw gives opportunity attacker changing victim’s password
• Flaws have been detected in Symantec Endpoint Protection Manager
• New IE bug may expose your cookies
• Secret is not revealed but Facebook’s flaw is repaired
• XSS flaw of Facebook is unpatched and explored for Wall posting

News categories

• Malware
• Spam and email
• Phishing
• Vulnerabilities
• Computer Security
• Security basics
• Rogue Antispyware

Latest news

• Introducing threats : Trojans
• Free iPhone 5 on Tumblr? Avoid the scam!
• Newest Facebook scam - Russel Brand and Kate Perry leaked tape
• Remove Malware Protection Center fraud
• Remove Antivirus Smart Protection scam
• Scammers utilize the closing of Megaupload
• Remove Internet Security 2012 fraud
• Facebook users attacked once again
• Remove Smart Internet Protection 2012 malware
• Smart Protection 2012 uninstall guide

Antispyware Software

• Spyware Doctor
  • Rating
    
    Download Read review
    Spyware Doctor is one of the most reputable security programs and it’s one of the most often recommended anti-spyware tools. It's known for quick and effective scanning methods.
    
    
• VIPRE Antivirus + Antispyware
  • Rating
    
    Download Read review
    VIPRE combines antivirus, antispyware, anti-rootkit and other technologies into a seamless, tightly-integrated product.
    
    
• Spy Sweeper
  • Rating
    
    Download Read review
    Spy Sweeper is popular and powerful antispyware tool. It is the only one security product awarded as PC Magazine’s Editor’s Choice for 8 times.
    
    
• Trend Micro AntiVirus plus AntiSpyware
  • Rating
    
    Download Read review
    Trend Micro AntiVirus + AntiSpyware is the essential security you need so you can email and share files with confidence.
    
    
• Malwarebytes Anti-Malware
  • Rating
    
    Download Read review
    Malwarebytes Anti-Malware can detect and remove malware that other anti-virus and spyware programs generally miss, including rogue security software, although it is not effective against rootkits or viruses.
    
    
• Kaspersky Anti-Virus 2011
  • Rating
    
    Download Read review
    Kaspersky Anti-Virus 2011 is one of the optimal choices for protecting a computer from viruses and other threats. It offers multiple functions for cleaning a system and keeping it safe. Although it costs more than average anti-virus kit, Kaspersky Anti-Virus is often rated better than similar tools by users even when free virus removers are also in the assortment.
    
    

Subscribe

Latest threats

• Malware Protection Center
• Smart Internet Protection 2012
• Smart Protection 2012
• Internet Security Guard
• Home Security Essentials
• Windows XP Internet Security 2012
• Windows 7 Internet Security 2012
• Windows Vista Internet Security 2012
• System Check
• Intelinet Smart Security 3.1.0
• Super AV
• Home Security Solutions
• Best Antivirus
• Windows Vista Security 2012
• Win 7 2012
• Security Monitor 2012
• Windows Vista Antispyware 2012
• Windows 7 Security 2012