MacNN Forums (http://forums.macnn.com/)
-   Tech News (http://forums.macnn.com/tech-news/)
-   -   Microsoft pays maximum $100,000 bounty to Internet Explorer researcher (http://forums.macnn.com/113/tech-news/504785/microsoft-pays-maximum-100-000-bounty/)

 
NewsPoster Oct 8, 2013 06:52 PM
Microsoft pays maximum $100,000 bounty to Internet Explorer researcher
Microsoft said <a href="http://macnn.com/rd/295935==http://blogs.technet.com/b/bluehat/archive/2013/10/08/congratulations-to-james-forshaw-recipient-of-our-first-100-000-bounty-for-new-mitigation-bypass-techniques.aspx" rel='nofollow'>earlier today</a> that it is paying its maximum award -- $100,000 -- to a security researcher who found a critical hole in its Internet Explorer web browser. James Forshaw of the Context Information Society was rewarded by Microsoft for pointing out the flaw which Microsoft patched today.<br />
<br />
Forshaw was also the recipient of $9,400 in additional rewards for other flaws found in Internet Explorer 11 in the four-month-old bounty program. He has been credited with finding over 30 security bugs across the PC industry's software, with rewards having been paid by Hewlett Packard and others.<br />
<br />
The <a href="http://macnn.com/rd/295817==http://www.electronista.com/articles/13/09/17/near.universal.flaw.affects.internet.explorer.6.th rough.current.revision/" rel='nofollow'>reported flaw</a> affects all supported versions of Internet Explorer from Internet Explorer 6 through Internet Explorer 11. The exploit allows for remote code execution when an Internet Explorer user browses a website containing malicious code tailored to the specific version of the browser.<br />
<br />
Microsoft says of the flaw that "the vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially-crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website."<br />
<br />
Today's patch closes both the universal Internet Explorer bug, as well as some of the other flaws Forshaw reported. Microsoft was criticized for waiting until "patch Tuesday" to fix the problem, with researchers claiming the delay put more users in jeopardy.
 
All times are GMT -4. The time now is 04:05 AM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2016, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2