Skip to main content

Internet Explorer 8 Browser Already Hacked

Microsoft's latest browser, Internet Explorer 8, has officially suffered its first security breach since its launch, during a hacking contest held at the 10th annual CanSecWest conference in Vancouver, Canada.

A hacker, who identified himself as Nils, managed to break into Microsoft's safest browser yet using a yet-unknown vulnerability a few hours after IE8 was launched as the browser was running on a WIndows 7 Beta platform.

Hothardware reports that Nils grabbed $5000 and a free laptop for the trick, "With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft's latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization)."

The event was sponsored by 3Com's TippingPoint under the watchful eyes of Microsoft. Within minutes, TippingPoint gave all the details and code to Mike Reavey, operations manager at the Microsoft Security Research Center (MSRC).

Microsoft subsequently released a statement saying that the company was investigating reports of a possible vulnerability in Internet Explorer 8 and actions will be taken if it was confirmed.

It is still unknown whether the vulnerability exists only on Windows 7; four vulnerabilities were found during the PWN2OWN session this year earning the winners $20,000 in all and the details about the weaknesses won't be disclosed until appropriate patches are issued.

You can follow on Twitter @itproportal.

Our Comments

Some cynics may say that this is a cheaper and faster way to find vulnerabilities within a software and amounts to paying a consultant on delivery only. The next stage of the challenge will be more interesting as punters will take a chance at hacking mobile browsers and it might even be simpler than for their desktop counterparts.

Related Links

Researcher hacks just-launched IE8


Pwn2Own 2009: Nils takes down IE8, Firefox and Safari


Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari


Safari, IE 8 and Firefox hit by Zero-Day at PWN2OWN


Safari, IE8, & Firefox Hacked in Pwn2Own Contest


Microsoft Debuts IE8, Only to Have It Hacked