
Security software that uses 'code hooking' opens the door to hackers

Discussion in 'CSO' started by RSS, Jul 19, 2016.

  1. RSS

    RSS, New Member

    Some of the intrusive techniques used by security, performance, virtualization and other types of programs to monitor third-party processes have introduced vulnerabilities that hackers can exploit.

    Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use 'hooking' to inject code into a process in order to intercept, monitor or modify the potentially sensitive system API (application programming interface) calls made by that process.

    Most of the flaws enSilo found allow attackers to easily bypass the anti-exploit mitigations available in Windows or third-party applications, allowing attackers to exploit vulnerabilities that they couldn't otherwise or whose exploitation would have been difficult. Other flaws allow attackers to remain undetected on victims' computers or to inject malicious code into any process running on them, the enSilo researchers said in a report sent via email that's scheduled to be published Tuesday.

