Although Internet Explorer no longer holds the crown of being the most widely-used browser, it still commands a mighty user base. Thus, it is bad news for these users that Microsoft has confirmed a new vulnerability in the earlier versions of the browser.
The vulnerability is currently being actively exploited by hackers to launch targeted attacks against Internet Explorer users. Although IE9 and IE10 users are safe, those using IE6, IE7 and IE8 are vulnerable to such targeted attacks.
For now, the software giant hasn’t released a patch for the security flaw. It did release a Security Advisory, though, which raises awareness of the vulnerability and suggests ways to minimize the damage that may be incurred due to this loophole.
According to Dustin Childs of Microsoft Trustworthy Computing, “Microsoft released Security Advisory 2794220 to provide customer awareness of a vulnerability affecting Internet Explorer versions 6, 7, and 8. While we actively work to develop an easy, one-click Fix it solution and security update for this issue, we strongly encourage that customers apply the mitigations and workarounds described in the advisory.”
This new vulnerability first came to light when the website of the Council on Foreign Relations was hacked. The attackers used JavaScript to load an Adobe Flash file, which ultimately launched a heap spray in IE. This led to the download of a new file named ‘xsainfo.jpg’.
For now, Microsoft is recommending that users running the IE versions containing this vulnerability disable the Flash ActiveX control in their browsers and disable Java. Users who can upgrade to a more recent version of Internet Explorer must do so instantly.
Source: Microsoft
Courtesy: TNW