A posting from Dark Reading in there Endpoint Security section : With the onslaught of zero-day attacks continuing to increase the barrage of unanswered threats against endpoints, there’s a growing contingent of security advocates championing the addition of a virtualized container layer in the endpoint security mix. Analyst predictions are rosy for the virtual containerization market to grow as a security niche and enterprises are certainly clamoring for a way to help them beat the signature-defense hamster wheel.
But this containerization approach, also referred to as application sandboxing, has some researchers pointing to what they call a potentially fatal flaw: kernel vulnerabilities. “Essentially if an application can pull the kernel into stumbling on a logic bug in the kernel itself when the kernel is working for the application, you can compromise the kernel directly and thereby step over and directly bypass any form of sandbox protection,” says Simon Crosby, co-founder and CTO of Bromium, which took the wraps off such a bypass earlier this spring at Black Hat Europe. Now Crosby says the firm plans to release new proofs of concept at Black Hat USA in August. “And, by the way, it’s a very large and rapidly growing list of kernel vulnerabilities, a huge footprint of code.”
To read more click here: