I've read a lot of chatter recently around new heap spraying techniques taking advantage of HTML5, specifically...
the research by Peter Van Eeckhoutte. Could you provide an update on this classic security attack technique? How can organizations protect their Web browsers from these new attacks?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
There is a variety of heap spraying techniques, but basically, an attacker writes to the heap in memory for a running program, then exploits a different vulnerability to cause the exploit to call the commands in the heap memory. This basically makes it easier to exploit a vulnerability. The heap spray attack technique researched by Peter Van Eeckhoutte allows for reliable exploitation on Internet Explorer 10 and Firefox where malicious code is executed, but doesn't specifically target HTML5, making it more broadly applicable.
In terms of mitigations for this specific exploit, Van Eeckhoutte's attack technique bypasses the default configuration of Microsoft's Enhanced Mitigation Experience Toolkit (EMET). Changing the default EMET settings to address high-memory addresses enables EMET to block the attack, however. Web browser makers have sought to prevent heap spray attacks by implementing additional memory protection controls in recent versions. Web browsers can also be run with least privilege, which makes it more difficult to exploit the vulnerabilities to gain administrator access.
For enterprises, protecting Web browsers from new attacks is similar to protecting against malware, but for Web browser makers, it should be part of their core security development lifecycle. Enterprises should update their security programs to plan for new attack techniques aimed at Web browsers or any software on endpoints, including a way to rapidly push out updates that mitigate new attacks. This should be part of protecting the underlying operating system.
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.