The Hacker News Logo
Subscribe to Newsletter

Accidental Leak Reveals Chinese Hackers Have IE Zero Day !

Evidence, leaked accidentally, points to Chinese based miscreants’ knowledge, and potential exploitation, of the latest Microsoft Corporation (NasdaqGS: MSFTInternet Explorer zero day, via a recently released Google Inc.’s (NasdaqGS: GOOG) researcher’s(Michal Zalewski) fuzzer application… Ooops. More, after the jump.

A renowned Google researcher who this week released a new free fuzzer that so far has found around 100 vulnerabilities in all browsers says Chinese hackers appear to have gotten their hands on one of the same bugs he discovered with the tool. Google’s Michal Zalewski unleashed the so-called cross_fuzz tool on New Year’s Day and announced the fuzzer to date uncovered more than 100 vulnerabilities, many of them exploitable, in all browsers. In a bizarre twist, Zalewski says an accidental leak of the address of the fuzzer prior to its release helped reveal some unexpected intelligence, namely that “third parties in China” apparently also know about an unpatched and exploitable bug he found in IE with the fuzzer. It all started when one of cross_fuzz’s developers, who was working on crashes in the open-source WebKit browser engine used in Chrome and Safari, inadvertently leaked the address of the fuzzer in one of the crash traces that was uploaded. That made the fuzzer’s directory, as well as the IE test results from the fuzzer indexed by GoogleBot, he says.


News Source : Google
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.