Canalblog
Editer l'article Suivre ce blog Administration + Créer mon blog
Publicité
PROSERVIA : Pôle Conseil Expertise
Newsletter
Archives
PROSERVIA : Pôle Conseil Expertise
13 mars 2012

How Google set a trap for Pwn2Own exploit team

Summary: Here’s the story of how a unique signature was used to figure out if exploit writers would take aim at the Flash Player plugin in Google Chrome browser.

VANCOUVER — Last May, when security researchers from VUPEN posted this video to gloat aboutdemo a code execution exploit — and sandbox bypass — against the Google Chrome browser, the security response folks at Google took a close look and found enough evidence that the exploit actually hit the Chrome Flash Player plugin.

At the time, the two companies publicly sparred over the origin of the vulnerability with Google intent on making the distinction that the faulty code was supplied by Adobe and VUPEN insisting that it didn’t matter because the exploit worked against the browser’s default installation.

--> Please see the rest on the site : http://www.zdnet.com/blog/security/how-google-set-a-trap-for-pwn2own-exploit-team/10641 


Publicité
Commentaires
Publicité
Publicité