A major security flaw has been discovered in the latest version of Internet Explorer. The flaw found by David Leo, a researcher with Internet security firm Deusen affects users running IE11 on Windows 7 and 8.1. The vulnerability is a pretty serious one as the browser security can be bypassed allowing attackers to steal login details and user data to any site and they can also launch phishing attacks. The attackers bypass the same origin policy, which is one of the key components of web browser security, so that it can insert a malicious piece of code into a link made to look like it is from a trusted or familiar source.
Worryingly since same origin policy can be bypassed, you won’t be safe behind SSL encryptions, which are websites that start with https. Also once a cross-site scripting (XSS) attack is remotely launched, the entire look and feel of a website can be manipulated at the hacker’s will in a matter of seconds. In layman’s terms this means user account theft could happen and any html and cookies stolen by an attacker could be used in phishing attacks which appear to look legitimate. Obviously you would have to click on a link to visit a malicious website but that can happen very easily these days as more and more websites are linked and promoted in social media with shortened URL’s.
David Leo said that Microsoft was notified on Oct 13, 2014. Microsoft is currently working on a patch and has issued the following statement
“To successfully exploit this issue, an adversary would first need to lure a person, often through trickery such as phishing, to a malicious website that they’ve created. SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against nefarious phishing websites. We’re not aware of this vulnerability being actively exploited and are working to address it with an update. We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information.”
Annual venture capital funding into Irish tech SMEs fell for the first time last year…
Kingspan has announced the opening of applications for the 2026 Kingspan Kickstart Sports Fund (Kickstart),…
Azul, the only company 100% focused on Java, today announced the results of its 2026…
South East Technological University has signed a Memorandum of Understanding (MoU) with KIMO International at…
Digital Infrastructure Ireland (DII) is pleased to announce its partner community for 2026, reflecting the…
Leading international law firm, Addleshaw Goddard, launched its Investors in Energy: Ireland Report at its…
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at Info@IrishTechNews.ie now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.