Skip to main content

Internet Explorer 8 Browser Already Hacked

Microsoft's latest browser, Internet Explorer 8, has officially suffered its first security breach since its launch, during a hacking contest held at the 10th annual CanSecWest conference in Vancouver, Canada.

A hacker, who identified himself as Nils, managed to break into Microsoft's safest browser yet using a yet-unknown vulnerability a few hours after IE8 was launched as the browser was running on a WIndows 7 Beta platform.

Hothardware reports that Nils grabbed $5000 and a free laptop for the trick, "With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft's latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization)."

The event was sponsored by 3Com's TippingPoint under the watchful eyes of Microsoft. Within minutes, TippingPoint gave all the details and code to Mike Reavey, operations manager at the Microsoft Security Research Center (MSRC).

Microsoft subsequently released a statement saying that the company was investigating reports of a possible vulnerability in Internet Explorer 8 and actions will be taken if it was confirmed.

It is still unknown whether the vulnerability exists only on Windows 7; four vulnerabilities were found during the PWN2OWN session this year earning the winners $20,000 in all and the details about the weaknesses won't be disclosed until appropriate patches are issued.

You can follow ITProPortal.com on Twitter @itproportal (opens in new tab).

Our Comments

Some cynics may say that this is a cheaper and faster way to find vulnerabilities within a software and amounts to paying a consultant on delivery only. The next stage of the challenge will be more interesting as punters will take a chance at hacking mobile browsers and it might even be simpler than for their desktop counterparts.

Related Links

Researcher hacks just-launched IE8 (opens in new tab)

(Computerworld)

Pwn2Own 2009: Nils takes down IE8, Firefox and Safari (opens in new tab)

(Guardian)

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari (opens in new tab)

(ZDNet)

Safari, IE 8 and Firefox hit by Zero-Day at PWN2OWN (opens in new tab)

(Internetnews)

Safari, IE8, & Firefox Hacked in Pwn2Own Contest (opens in new tab)

(Hothardware)

Microsoft Debuts IE8, Only to Have It Hacked (opens in new tab)

(Technewsworld)

Désiré Athow
Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.