I've read a lot of chatter recently around new heap spraying techniques taking advantage of HTML5, specifically...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
the research by Peter Van Eeckhoutte. Could you provide an update on this classic security attack technique? How can organizations protect their Web browsers from these new attacks?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
There is a variety of heap spraying techniques, but basically, an attacker writes to the heap in memory for a running program, then exploits a different vulnerability to cause the exploit to call the commands in the heap memory. This basically makes it easier to exploit a vulnerability. The heap spray attack technique researched by Peter Van Eeckhoutte allows for reliable exploitation on Internet Explorer 10 and Firefox where malicious code is executed, but doesn't specifically target HTML5, making it more broadly applicable.
In terms of mitigations for this specific exploit, Van Eeckhoutte's attack technique bypasses the default configuration of Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Changing the default EMET settings to address high-memory addresses enables EMET to block the attack, however. Web browser makers have sought to prevent heap spray attacks by implementing additional memory protection controls in recent versions. Web browsers can also be run with least privilege, which makes it more difficult to exploit the vulnerabilities to gain administrator access.
For enterprises, protecting Web browsers from new attacks is similar to protecting against malware, but for Web browser makers, it should be part of their core security development lifecycle. Enterprises should update their security programs to plan for new attack techniques aimed at Web browsers or any software on endpoints, including a way to rapidly push out updates that mitigate new attacks. This should be part of protecting the underlying operating system.
Dig Deeper on Emerging Information Security Threats
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.