I've read a lot of chatter recently around new heap spraying techniques taking advantage of HTML5, specifically...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the research by Peter Van Eeckhoutte. Could you provide an update on this classic security attack technique? How can organizations protect their Web browsers from these new attacks?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
There is a variety of heap spraying techniques, but basically, an attacker writes to the heap in memory for a running program, then exploits a different vulnerability to cause the exploit to call the commands in the heap memory. This basically makes it easier to exploit a vulnerability. The heap spray attack technique researched by Peter Van Eeckhoutte allows for reliable exploitation on Internet Explorer 10 and Firefox where malicious code is executed, but doesn't specifically target HTML5, making it more broadly applicable.
In terms of mitigations for this specific exploit, Van Eeckhoutte's attack technique bypasses the default configuration of Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Changing the default EMET settings to address high-memory addresses enables EMET to block the attack, however. Web browser makers have sought to prevent heap spray attacks by implementing additional memory protection controls in recent versions. Web browsers can also be run with least privilege, which makes it more difficult to exploit the vulnerabilities to gain administrator access.
For enterprises, protecting Web browsers from new attacks is similar to protecting against malware, but for Web browser makers, it should be part of their core security development lifecycle. Enterprises should update their security programs to plan for new attack techniques aimed at Web browsers or any software on endpoints, including a way to rapidly push out updates that mitigate new attacks. This should be part of protecting the underlying operating system.
Dig Deeper on Emerging Information Security Threats
Related Q&A from Nick Lewis
The new Trochilus RAT can avoid detection in cyberespionage attacks. Expert Nick Lewis explains how it works, and if enterprises need to adapt their ...continue reading
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching ...continue reading
BlackEnergy malware may have been part of the attacks on Ukrainian utility and media companies. Expert Nick Lewis explains how this malware works and...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.