The FireFox zero-day recently used in the wild made headlines when TOR users that fell victim to the attack lost the one thing they were looking for: anonymous browsing. Speculation ran rife that the exploit may have been created by the FBI or another governmental agency, especially as the attack resembled past investigations used to identify Tor users.
Developers at both Mozilla and Tor reacted fast by pushing out browser updates that patch this critical vulnerability. Still, the race isn’t over, as the complete source code for the exploit was published publicly for use by any hacker. Until every Firefox and Tor user upgrades to the new version, they remain vulnerable.
Unless they use Morphisec that is. As we would expect, Morphisec easily prevents this exploit. This is yet another demonstration of the powerful prevention capabilities at the core of Morphisec’s Moving Target Defense technology, and the type of virtual patching it provides organizations.
Enjoy our short attack video, showing Morphisec Endpoint Threat Prevention solution preventing this exploit [CVE-2016-9079].