Google Hackers Team Discloses Critical Vulnerability in Windows and Adobe Reader

Remember Google's elite hacking team, Project Zero? It is the same team that earlier disclosed a couple of security vulnerabilities in Microsoft Windows that left millions of users under threat. Apart from Microsoft Windows, the Project Zero team has also disclosed critical vulnerabilities in Adobe products.

Now they are bombarding the software giants again: a security researcher from the Project Zero team has revealed 15 vulnerabilities that impact Microsoft Windows and Adobe Reader.

On Tuesday, Google Project Zero hacker Mateusz Jurczyk outlined a total of 15 critical vulnerabilities discovered within font management systems.

At the REcon security conference, held in Montreal, the researcher unveiled a paper named "One font vulnerability to rule them all: A story of cross-software ownage, shared code-bases and advanced exploitation," which describes a set of nasty remote code execution and privilege escalation flaws that can be exploited through Adobe Reader or the Windows kernel.

The researcher told The Register:

"the most serious and interesting vulnerability, an 'entirely reliable' BLEND instruction exploit, relates to how systems handle CharStrings which are responsible for shaping glyphs depending on point size. The exploit 'defeats all modern user and kernel-mode exploit mitigations.'"

Below you can watch a video demonstration of the exploitation of Adobe 11.0.10 using the BLEND vulnerability.

In addition, the researcher discovered a way to exploit the flaw on an x64 system for the purpose of privilege escalation, using another CharString vulnerability (CVE-2015-0090).

All the vulnerabilities have been reported to the Microsoft and Adobe teams, and this time both vendors have released patches for the bugs in their latest updates.