A major security flaw has been discovered in the latest version of Internet Explorer. The flaw found by David Leo, a researcher with Internet security firm Deusen affects users running IE11 on Windows 7 and 8.1. The vulnerability is a pretty serious one as the browser security can be bypassed allowing attackers to steal login details and user data to any site and they can also launch phishing attacks. The attackers bypass the same origin policy, which is one of the key components of web browser security, so that it can insert a malicious piece of code into a link made to look like it is from a trusted or familiar source.
Worryingly since same origin policy can be bypassed, you won’t be safe behind SSL encryptions, which are websites that start with https. Also once a cross-site scripting (XSS) attack is remotely launched, the entire look and feel of a website can be manipulated at the hacker’s will in a matter of seconds. In layman’s terms this means user account theft could happen and any html and cookies stolen by an attacker could be used in phishing attacks which appear to look legitimate. Obviously you would have to click on a link to visit a malicious website but that can happen very easily these days as more and more websites are linked and promoted in social media with shortened URL’s.
David Leo said that Microsoft was notified on Oct 13, 2014. Microsoft is currently working on a patch and has issued the following statement
“To successfully exploit this issue, an adversary would first need to lure a person, often through trickery such as phishing, to a malicious website that they’ve created. SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against nefarious phishing websites. We’re not aware of this vulnerability being actively exploited and are working to address it with an update. We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information.”
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.