General
|
Written by Daniel
|
Thursday, 30 October 2008 11:07 |
New attack uses application flaws to force good code to go rogue
Oct 29, 2008 | 04:44 PM By Kelly Jackson Higgins DarkReading
Turns out you don't need malware to exploit a security flaw in an application: A pair of researchers has found a way to automatically make good code do bad things.
Researchers from the University of California at San Diego (UCSD) have devised a technique that basically lets an attacker bypass built-in system defenses aimed at blocking malware, and then execute instructions from inside the application. The process uses an application's vulnerability to turn it against the system on which it runs. An attacker could take advantage of a flaw in a Web browser, for instance, to force the browser to spam the user's address book using only the browser's own code, according to the researchers. [Comments...]
|