VUPEN researchers have managed to break into IE11’s sandbox

Mar 13, 2014 14:15 GMT  ·  By

Internet Explorer 11 is one of the applications that got hacked during the first day of hacking competition Pwn2Own 2014, as security researchers at VUPEN have managed to bypass the sandbox and break into the browser.

VUPEN researchers have also managed to break into Firefox with a use-after-free technique, so they have all been rewarded with $300,000 (€215,000) for their efforts.

Internet Explorer wasn’t the only application that got hacked during day 1 of Pwn2Own, as Firefox, Adobe Flash, and Adobe Reader security systems have also been breached by researchers in approximately 5 minutes.

VUPEN experts have already contacted Microsoft to provide more information the security flaws and the company is already working with researchers to patch the flaws and make sure that no one gets hacked using the same technique.

Of course, no exploits would be made public, as Microsoft would work to patch it behind the closed doors and integrate the fix in the browser in a future update.

Microsoft claims that Internet Explorer 11 is the most secure version of its browser to date, not only on the desktop, but also in the Modern UI. Internet Explorer 11 comes with several security enhancements and is one of the first browsers that come with Do Not Track turned on by default, thus adding a new privacy layer to users’ computers.