Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Microsoft pays maximum $100,000 bounty to Internet Explorer researcher

Microsoft pays maximum $100,000 bounty to Internet Explorer researcher
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Oct 8, 2013, 06:52 PM
 
Microsoft said earlier today that it is paying its maximum award -- $100,000 -- to a security researcher who found a critical hole in its Internet Explorer web browser. James Forshaw of the Context Information Society was rewarded by Microsoft for pointing out the flaw which Microsoft patched today.

Forshaw was also the recipient of $9,400 in additional rewards for other flaws found in Internet Explorer 11 in the four-month-old bounty program. He has been credited with finding over 30 security bugs across the PC industry's software, with rewards having been paid by Hewlett Packard and others.

The reported flaw affects all supported versions of Internet Explorer from Internet Explorer 6 through Internet Explorer 11. The exploit allows for remote code execution when an Internet Explorer user browses a website containing malicious code tailored to the specific version of the browser.

Microsoft says of the flaw that "the vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially-crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website."

Today's patch closes both the universal Internet Explorer bug, as well as some of the other flaws Forshaw reported. Microsoft was criticized for waiting until "patch Tuesday" to fix the problem, with researchers claiming the delay put more users in jeopardy.
( Last edited by NewsPoster; Oct 10, 2013 at 04:58 AM. )
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 02:00 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2