Chrome, Internet Explorer, Firefox Response To ‘Exploit’

[Hungry Man]

https://insanitybit.wordpress.com/20...-to-exploit-7/

Quote:

A recent blogpost showed how Chrome, Internet Explorer 9, and Firefox are all vulnerable to a specific bug that can be used to trick the user into downloading a file when they meant to download something else.

[dw426]

That's a rather pathetic response from these vendors, especially MS. If Chrome devs are at least saying they plan to look at it, I would take a guess that they will be doing so in secret and not saying anymore about it until the fix shows up in an update. Then again, I could be placing too much faith in them. Though one thing I'd say about Chrome is that for those paying attention, this would be hard to exploit, seeing as how Chrome updates Flash on its own.

But Firefox and MS, for shame. One can only hope they fix this for IE 10. The last thing they need right now is to get that reputation for bad security back.

[Hungry Man]

There was discussion on the Firefox side though at least and they'll probably address it, there's just no confirmation.

Chrome has confirmed that they'll fix it there's simply no date yet.

Quote:

Though one thing I'd say about Chrome is that for those paying attention, this would be hard to exploit, seeing as how Chrome updates Flash on its own.

Sure, but you can do this with Java too. Anything, really.

The proof of concept downloads calc.exe I believe.

edit: Actually, I believe Chrome is "more vulnerable" than Firefox in this case as the Firefox download UI provides more information. Can't confirm as I haven't looked. Either way, like I said in the article, if I were to post a "Critical Flashplayer Update" I'd probably infect quite a few Wilders users.

[dw426]

Actually yeah, you probably could infect quite a few. It's a pretty darn awesome way to hook someone. It's yet another reason one should always go straight to the source instead of trusting links.

[Hungry Man]

A hacked website, email, facebook, twitter, anything could do a lot of damage with it.

[funkydude]

Quote:

Originally Posted by dw426

That's a rather pathetic response from these vendors, especially MS. If Chrome devs are at least saying they plan to look at it, I would take a guess that they will be doing so in secret and not saying anymore about it until the fix shows up in an update. Then again, I could be placing too much faith in them. Though one thing I'd say about Chrome is that for those paying attention, this would be hard to exploit, seeing as how Chrome updates Flash on its own.

But Firefox and MS, for shame. One can only hope they fix this for IE 10. The last thing they need right now is to get that reputation for bad security back.

This is a really interesting issue but unlikely to be used because standard social engineering is more effective. Sure you could link this to your friends but why would you? If someone happened to stumble across it I think they'd find it odd that they suddenly ended up on a flash download page and close it. There really isn't any use case for this outside of being linked to it and explicitly told by said person "you need to download that".

On the plus side IE9 explicitly states the false origin of the file and it also would be blocked by IE9's App Reputation.

[Hungry Man]

Quote:

There really isn't any use case for this outside of being linked to it and explicitly told by said person "you need to download that".

Right, but imagine the potential for, say a hacked twitter, email, facebook, or website.

It also wouldn't necessarily be blocked by AppReputation or SmartScreen just as any antivirus might miss it. That would certainly help though.

[funkydude]

Quote:

Originally Posted by Hungry Man

It also wouldn't necessarily be blocked by AppReputation or SmartScreen just as any antivirus might miss it. That would certainly help though.

AV isn't default-deny, AppRep is. The chances of an unsigned file from suspicious website x being allowed is highly unlikely.