Microsoft has worked really hard to make both Internet Explorer 11 and Windows 8.1 more secure, and it even launched a bug bounty program to get help from security researchers and make its products impossible to hack.
But despite all its efforts, Abdul Aziz Hariri and Matt Molinyawe, both security researchers for HP’s Zero-Day Initiative group, have managed to break into Internet Explorer 11 on Windows 8.1 at the recently held Mobile Pwn2Own.
HP says that the two researchers found a zero-day flaw in Internet Explorer 11 running on a Surface Pro, managing to launch the built-in calculator from the browser and get full control of a vulnerable device.
“The demonstration took advantage of a use-after-free issue in IE 11 to leak an address allowing them to bypass ASLR and DEP. Abdul and Matt launched calc.exe from the browser and also demonstrated a weaponized Metasploit module,” HP explained.
Of course, the vulnerability has already been privately reported to Microsoft, so expect the software giant to repair it in a future Patch Tuesday rollout.