


Critical Unity Web Player Vulnerability Affects Millions of Users

A major vulnerability in Unity Web Player has been discovered by the cyber security researcher Jouko Pynnönen, allowing hackers to access websites using credentials of a target, thus giving an ability to read files and data on the victim’s hard drive and read private messages on Facebook and Gmail.

The Unity Web Player vulnerability allows an altered Unity application to avoid standard cross-domain policies while a target views a page running a malicious application. This is done using a specially formatted URL in an HTTP redirection.

“A malicious app loaded from ‘ ’ could access an URL from e.g. ‘ /redirector’ which could return a HTTP redirect status code (301, 302, 307) and a Location: header pointing at ‘ /’. The redirect should be denied because it points to a different domain. However, Unity Web Player allows the redirect because it erroneously bases its evaluation on the user:password part of the URL which is identical in both URLs (“x:y”).”

According to Unity developers more than 500 million users are using Unity Web Player on Macs, PCs, mobile devices and gaming consoles.

The researcher has provided a video explaining the Unity Web Player vulnerability as a proof of concept:

The screencap below shows Firefox’s Network Monitor when running our demo exploit. After the application is loaded and the plugin has checked for updates, it accesses an URL on the “attacker site” and gets a 301 redirection to. The browser loads the target user’s email list (about 12 kB) and posts it back to the attacker.
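The redirect check described in the quoted advisory text, written out as an added example (not code from the advisory or from Unity): a simplified model of a decision based on the user:password part, next to a check that compares scheme, host and port. The host names are constructed placeholders and the function names are hypothetical; only the “x:y” credentials come from the quote.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port); the user:password part is never included."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()  # .hostname drops "user:pass@" and the port
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def userinfo(url):
    """Return the 'user:password' part of a URL, or '' when there is none."""
    return urlsplit(url).netloc.rpartition("@")[0]


def flawed_redirect_allowed(request_url, location):
    """Simplified model of the mistake: the decision rests on user:password."""
    target = urljoin(request_url, location)
    return userinfo(request_url) == userinfo(target)


def redirect_allowed(request_url, location):
    """Follow a redirect only when it stays on the same scheme, host and port."""
    target = urljoin(request_url, location)  # a Location header may be relative
    return origin(request_url) == origin(target)


# Constructed sample values: placeholder hosts, credentials "x:y" as in the quote.
REQUEST = "http://x:y@attacker.example/redirector"
CROSS_DOMAIN = "http://x:y@mail.example/"
SAME_SITE = "/next"

if __name__ == "__main__":
    for location in (CROSS_DOMAIN, SAME_SITE):
        print(location,
              "| userinfo-based:", flawed_redirect_allowed(REQUEST, location),
              "| origin-based:", redirect_allowed(REQUEST, location))
```

The userinfo-based model accepts the cross-domain Location because “x:y” matches on both URLs, while the origin-based check rejects it and still follows the same-site redirect.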
