Chapter 4. Blended Threats: When Applications Exploit Each Other
The amount of software installed on a modern computer system is staggering. With so many different software packages on a single machine, managing their interactions becomes increasingly complex. Complexity is the friend of the next-generation hacker. The smartest attackers have developed techniques to take advantage of this complexity, creating blended attacks for blended threats. These blended attacks pit applications against each other, bypassing security protections and gaining access to your data. As security measures continue to increase and software becomes hardened against attacks, the next-generation hacker will turn to blended attacks to defeat security protections and gain access to your sensitive data. This chapter will expose the techniques attackers use to pit software against software. We will present various blended threats and attacks so that you can gain some insight as to how these attacks are executed and the thought process behind blended exploitation.
On May 30, 2008, Microsoft released a security advisory describing an attack against Windows systems. Normally, Microsoft security advisories are straightforward, identifying the Microsoft product affected, describing the risks associated with the identified vulnerability, and providing possible workarounds. This particular advisory was different. This advisory described an attack that involved the Safari web browser, which is made by Apple Inc., ...