Microsoft has to deal with yet another zero-day exploit found in a version of Internet Explorer. Fortunately, this flaw was found not by hackers but by security researchers and demoed as part of a non-competition portion of the Mobile Pwn2Own hacking contest.
PCWorld reports that researchers Abdul Aziz Hariri and Matt Molinyawe from HP’s Zero-Day Initiative team were able to hack into a Surface Pro tablet via a bug in IE11 running on Windows 8.1. The exploit allowed them to gain remote code execution which, Hariri said, "gave us full control over the whole machine".
The flaw has already been reported to Microsoft but there's no word on when it might release a patch to close the exploit. There's currently no evidence that the flaw is being used in the wild.
Earlier this week, security patches and other fixes for IE11 were released by Microsoft, which bumped the version number of the browser from 11.0 to 11.0.1.
Another researcher, who uses the handle "Pinkie Pie" found a way to remotely control a Nexus 4 and a Samsung Galaxy S4 through an issue in the current version of Chrome for Android. He was awarded $50,000 for his efforts, which included a $10,000 bonus paid by Google.
Source: PC World | Image via Microsoft