You can now find Cyber Kendra on Google News | Telegram

Google Hackers team disclose Critical Vulnerability on Windows and Adobe Reader

Google Hackers team disclose Critical Vulnerability on Windows and Adobe Reade, BLEND vulnerability, windows and adobe vulnerability, Google hackers team, Google project zero, Windows vulnerability, all about BLEND vulnerability
Remember Google's elite hackers team, Google;s Project Zero. Same team which had earlier disclosed couples of security vulnerability on Microsoft Windows which leaves millions of users under threat. Apart from Microsoft Windows, Project Zero team had also disclosed critical vulnerabilities on Adobe products also.

Now again they started bombing software giants, as security researcher from Project Zero team have revealed 15 vulnerabilities which impacts Microsoft Windows and Adobe Reader.

On Tuesday, Google Project Zero hacker Mateusz Jurczyk outlined a total of 15 critical vulnerabilities discovered within font management systems.

At REcon security conference, held in Montreal - researcher have revealed a paper named "One font vulnerability to rule them all: A story of cross-software ownage, shared code-bases and advanced exploitation," which reveals a set of nasty remote code execution and privilege escalation flaws which can be exploited through Adobe Reader or the Windows Kernel.

Researcher told to The Register that -
"the most serious and interesting vulnerability, an "entirely reliable" BLEND instruction exploit, relates to how systems handle CharStrings which are responsible for shaping glyphs depending on point size. The exploit "defeats all modern user and kernel-mode exploit mitigation's," 
Below you can watch a video demonstration of the exploitation of Adobe 11.0.10 using BLEND vulnerability.

Other than this researcher have also discovered a way to to exploit the flaw in a x64 system for the purpose of privilege escalation using another CharString vulnerability (CVE-2015-0090).

All the vulnerabilities are been notified to Microsoft and Adobe team and this time both vendors have released a patch of the bug with there latest updates. 

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.