Microsoft Edge Flaw Lets Hackers Steal Local Files

Microsoft has fixed a vulnerability in the Edge browser that could be abused against older versions to steal local files from a user's computer.
The good news is that social engineering is involved in exploiting the flaw, meaning the attack cannot be automated at scale, and, hence, present a smaller level of danger to end users.
Edge flaw is SOP-related
Discovered by Netsparker security researcher Ziyahan Albeniz, the vulnerability involves the Same-Origin Policy (SOP) security feature that all browser support.
In Edge, and all other browsers, SOP works by preventing an attacker from loading malicious code via a link that does not matches the same domain (subdomain), port, and protocol.
Albeniz says that Edge's SOP implementation works as intended except one case —when users are tricked into downloading a malicious HTML file on their PC and then running it.
When the user runs this HTML file, its malicious code will be loaded via the file:// protocol, and because it's a local file, it will not have a domain and port value.
What this means is that this malicious HTML file can contain code that collects and steals any data from local files accessible via a "file://" URL.
Because any OS file can be accessed via a file:// URL inside a browser, this essentially gives the attacker free reign to collect and steal any local file he wants.
Flaw useful in targeted attacks
Albeniz says that during tests he was able to steal data from local computers and send it to a remote server by executing this file in both Edge and the Mail and Calendar app. He also recorded a video of the attack, embedded below.
The attack requires an attacker knowing where various files are stored, but some OS and app config and storage files are in most cases stored at the same location on the vast majority of devices. Furthermore, the location of some files can be inferred or guessed.
The vulnerability may not be useful in the case of en-masse malware distribution campaigns, but it could be useful in more targeted attacks on high-value targets.
Warning for opening HTML files of unknown origin
But while Microsoft has addressed this issue in recent Edge and Mail and Calendar app versions, Albeniz now wants to warn users about the dangers of running HTML files they receive from strange persons or via email.
The researcher's warning is valid because HTML files are not usually associated with regular malware distribution campaigns.
According to an F-Secure report, just five file types make up 85% of all malicious attachments sent via email spam campaigns. They are ZIP, DOC, XLS, PDF, and 7Z.
"The only way to protect yourself is to update to the latest versions of the Edge browser and Windows Mail and Calendar applications. And, of course it's best to never open attachments from unknown senders, even if the extension doesn't initially appear to be malicious," the researcher said in a report he published yesterday, entitled "Exploiting a Microsoft Edge Vulnerability to Steal Files."
Albeniz said other browsers were not vulnerable to the SOP vulnerability he reported to Microsoft. The researcher also told Bleeping Computer that the Redmond-based OS maker fixed the vulnerability (CVE-2018-0871) with the release of the June 2018 Patch Tuesday.

Views: 145

©ictnews.az. All rights reserved.

Facebook Google Favorites.Live BobrDobr Delicious Twitter Propeller Diigo Yahoo Memori MoeMesto

04 June 2020

Nokia 43-inch 4K LED Smart Android TV with Dolby Vision, JBL audio launched in India for Rs. 31999

Flipkart and Nokia have launched the second Nokia branded Smart TV in India, as they had promised. The 43-inch

Lenovo launches Chromebook Flex 3i – an 11.6-inch convertible notebook

Lenovo has quietly added a new 11.6-inch convertible Chromebook to its budget laptop lineup. The new Lenovo 

Samsung Display unveils optimized OLED display for 5G smartphones

Samsung Display, the display-making affiliate of the conglomerate, unveiled an optimized OLED display for 5G

Microsoft’s Chromium-based Edge browser rolls out through Windows Update

Edge, Microsoft’s replacement for its often-criticized Internet Explorer was first released in 2015. But last year,

Samsung Galaxy Note 20 Ultra first appeared on the web

A Samsung smartphone with the model number SM-N986U has recently passed Bluetooth SIG certification

03 06 2020

Honor Play 4, Honor Play 4 Pro with hole-punch display, 5G support launched: Price, specifications

Honor Play 4 and Honor Play 4 Pro have been launched as the latest smartphones by the Huawei sub-brand Honor. 

iPad shipments predicted to fall this year amid 7% decline in wider PC and tablet market

Market research firm Canalys has forecast a sharp drop in PC and tablet sales in 2020 due to the economic

Facebook is making it easier to bulk-delete your embarrassing old posts

Facebook is launching a new feature called Manage Activity that lets users delete their old posts. It can be used

OPPO RENO 3 with dimensity 1000L SoC tops Antutu mid-range ranking

AnTuTu benchmark team has published the traditional ranking of the most powerful mid-range smartphones

Scottish island pilots drone deliveries of medical supplies

In a field overlooking the Lorn and Islands Hospital in the town of Oban on Scotland's remote west coast, an

Latest iPhone and iPad update is a toxic hellstew of bugs

Have you updated to iOS 13.5 or iPadOS 13.5? If not, you might want to hold off, because Apple's back to releasing buggy updates.