The genius of this is that it's completely reusable...That's completely game over.- Dino Dai Zovi
Search Security reports during a charged presentation at the Black Hat hacking conference last week Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc revealed a fatal flaw in Windows Vista which potentially blows the OS wide open and in such a way that it cannot be fixed.
"The genius of this is that it's completely reusable," said Security specialist Dino Dai Zovi to Search Security. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over. "What this means is that almost any vulnerability in the browser is trivially exploitable."
Naturally enough the entry method of choice is through Internet Explorer but it is not limited to this. The approach can also potentially be applied to other operating systems such as Windows XP and Mac OS X.
Unsurprisingly Microsoft has yet to comment on this as it no doubt takes a long hard look at Dowd and Sotirov's findings. Of course these are likely to go public soon so expect this to be a red hot topic over the comings months.
No comments:
Post a Comment