We are seeing more and more Java vulnerabilities exploited in the wild. While it might surprise many users, and even some people in the industry, to hear that Java is currently a major vector for malware propagation, attackers have not forgotten that it is still installed and used on a huge number of systems and devices, including those running Microsoft Windows, Mac OS X and various flavors of Unix. Because Java supports multiple platforms, a single Java vulnerability can sometimes lead to exploitation on all of them.
Java vulnerabilities are often about evading the sandbox. With sandbox evasion vulnerabilities, exploitation is much easier and multi-platform attacks become feasible: none of the security measures aimed at memory corruption issues help, because no memory corruption is involved. The widely exploited CVE-2012-0507 vulnerability, for example, was a sandbox breach. We saw active breaches of Mac OS X systems using this vulnerability, and before that it was used for widespread infection of Windows systems. The cost of writing a multi-platform exploit is relatively low and the success rate of exploitation is high.
As we can see, Java vulnerabilities have become more and more popular with attackers. However, there is a lack of knowledge about how exploitation of these vulnerabilities actually works. Many Java vulnerabilities result in a sandbox breach, but the way the breach happens is a fairly complex process. In this presentation, we will look at some recent Java vulnerabilities and show where these vulnerabilities occur. We will also show how the exploitation happens and how attackers adapt these exploits for use in their arsenals. Of course, Java exploits and malware are written in Java. That gives attackers an easy way to obfuscate and hide their exploits inside complicated logic and code; on the other hand, it makes life harder for security researchers. We will also show an example of an exploit that was obfuscated and modified in a way that made analysis and detection difficult, and share Java debugging techniques and our experience in dealing with these problems.
I am a security researcher from the Microsoft Malware Protection Center. We deal with all sorts of malware and vulnerabilities. One of my main research subjects in the past was patch analysis. I released DarunGrim as an open-source project (http://darungrim.org), and it is one of the popular patch analysis tools. Currently my research interests include, but are not limited to, binary instrumentation, Java and Adobe Flash related vulnerabilities, application virtual machines, reverse engineering methodology and toolsets.