AhnLab Security Intelligence Center (ASEC) and the National Cyber Security Center (NCSC) have jointly uncovered a zero-day vulnerability in Microsoft Internet Explorer (IE).
Dubbed “Operation Code on Toast,” this exploit is attributed to the North Korean threat actor TA-RedAnt, also known as RedEyes or APT37.
Exploitation Methodology
TA-RedAnt has a history of targeting individuals such as North Korean defectors and experts in North Korean affairs. In this operation, they exploited a zero-day vulnerability in IE to manipulate a specific toast ad program.
These programs, often bundled with free software, render web content using WebView. If the WebView is IE-based, it becomes susceptible to IE vulnerabilities.
Despite Microsoft’s termination of IE support in June 2022, many Windows applications still rely on its engine, making them vulnerable. The attackers first infiltrated a Korean online advertising agency’s server.
By injecting malicious code into the server’s ad content script, they triggered a zero-click attack—requiring no user interaction—when the toast ad program downloaded and rendered the ad content.
Technical Details of the Vulnerability – CVE-2024-38178
The vulnerability stems from a type confusion error in IE’s JavaScript engine (jscript9.dll).
This flaw occurs when data is mistakenly treated as another type during optimization, allowing attackers to execute arbitrary code.
TA-RedAnt leveraged this to install malware via toast ad programs on victims’ desktops. Once infected, the system could be manipulated for various malicious activities, including executing remote commands.
Upon discovering the vulnerability, AhnLab and the NCSC promptly reported it to Microsoft.
On August 13, Microsoft issued CVE-2024-38178 with a CVSS score of 7.5 and released a patch to mitigate the threat. Users and organizations are urged to apply this update immediately to safeguard against potential exploits.
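Because the exposure comes from third-party programs that embed the IE engine, patching is easier to prioritise once you know which applications on a host actually load it. The PowerShell below is an added example, not code from ASEC, the NCSC or Microsoft: it lists running processes that have jscript9.dll loaded. It also checks for mshtml.dll, the IE rendering engine, which this article does not name and which is included here as an assumption about what an IE-based WebView loads.

```powershell
# Added example: inventory running processes that have the legacy IE engine loaded.
# Run from an elevated prompt. Processes whose module list cannot be read
# (protected or access-denied) are reported separately instead of being dropped.

$engineDlls = 'jscript9.dll', 'mshtml.dll'   # jscript9.dll is from the article; mshtml.dll is an added assumption
$skipped    = [System.Collections.Generic.List[string]]::new()

$findings = foreach ($proc in Get-Process) {
    try {
        # -ErrorAction Stop turns "access denied" into a catchable error
        $modules = Get-Process -Id $proc.Id -Module -ErrorAction Stop
    } catch {
        $skipped.Add("$($proc.ProcessName) ($($proc.Id))")
        continue
    }

    $loaded = $modules | Where-Object { $engineDlls -contains $_.ModuleName.ToLower() }
    if (-not $loaded) { continue }

    # Record the on-disk version of the script engine this process mapped,
    # so it can be compared against the build installed by the August update.
    $js = $loaded | Where-Object { $_.ModuleName -ieq 'jscript9.dll' } | Select-Object -First 1

    [pscustomobject]@{
        Process         = $proc.ProcessName
        Id              = $proc.Id
        Path            = $proc.Path
        EngineDlls      = ($loaded.ModuleName | Sort-Object -Unique) -join ', '
        Jscript9Version = if ($js) { $js.FileVersionInfo.FileVersion } else { $null }
    }
}

$findings | Sort-Object Process | Format-Table -AutoSize

if ($skipped.Count -gt 0) {
    Write-Warning ("Could not read modules for {0} process(es): {1}" -f $skipped.Count, ($skipped -join ', '))
}
```

Any non-browser entry in the output, such as an ad or updater component bundled with free software, is a candidate for removal or for confirming that the host has the patched engine.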
This incident underscores the persistent risks associated with outdated software components and highlights the importance of maintaining up-to-date security measures.
As cyber threats evolve, vigilance and prompt action remain crucial in defending against sophisticated attacks like those orchestrated by TA-RedAnt.
The post Internet Explorer zero-day Flaw Exploited in Operation Code on Toast appeared first on Cyber Security News.
