Researchers find a fix for a Flash bug — and future variants


This is the best kind of vulnerability story: Researcher finds bug, researcher figures out a way to block future attacks exploiting similar bugs.

This week, Adobe patched 17 vulnerabilities, including multiple use-after-free bugs, in its Flash Player as part of a scheduled update. Endgame Security researchers reported one of those bugs, CVE-2015-7663, to Adobe, and they’re now working on a mitigation method to eliminate attacks exploiting similar bugs in Windows, Linux, and Mac OS X. The method is currently in the proof-of-concept stage.

Endgame researchers exploited the bug, which lets an attacker read and write virtual memory, using a Vector length corruption technique, Endgame’s senior director of vulnerability research and prevention Cody Pierce wrote on the company blog. The technique is resistant to corruption and application crashes, and Endgame researchers have seen an increase over the past year in Flash exploits that use it.


Source: Latest Web Security News
