Trend Micro researchers found two critical vulnerabilties in Alipay, an app payment system popular in China. When exploited, the vulnerabilities allow attackers to manipulate app displays or create phishing pages to get data.
Use-After-Free exploits are now unheard of. Thanks to “delay free,“ an improvement deployed by Microsoft on Internet Explorer 11. With this improvement, timing to occupy freed object space becomes difficult to find for an attacker.
There is no silver bullet that can handle all targeted attacks that prey on organizations with varying security demands. In this article, we discuss the use of heuristics and sandboxing as complementary technologies that can go a long way against attacks.
23 reported vulnerabilities affecting Internet Explorer versions 6 to 11 are now resolved thanks to the July 2014 patch. Microsoft issues a total of six security bulletins - patches for various products and Windows operating system components.
Isolated heap, a method where IE prepares an isolated heap for objects in IE that are prone to the use-after-free vulnerability. Isolated heap does a number of steps in occupying the memory space vacated by the object.