Last Friday, we reported that the website of the U.S. Council of Foreign Relations was allegedly compromised by Chinese hackers who exploited a zero-day bug that was discovered only that same day. The CFR website was compromised with JavaScript that served malicious code to older IE browsers; the code then carried out a heap-spray attack using Adobe Flash Player.
Yesterday, former hacker Bryce Case Jr (YTCracker) tweeted about a new zero-day exploit threatening all users of IE8: "internet explorer 6-8 0day making the rounds force them toolbar installs and keyloggers on exgf while you still can...".
On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be vulnerable to remote code execution attacks. The flaw is a remote code execution vulnerability in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
The vulnerability may corrupt memory in a way that could allow an
attacker to execute arbitrary code in the context of the current user
within Internet Explorer. An attacker could host a specially crafted
website that is designed to exploit this vulnerability through Internet
Explorer and then convince a user to view the website.
Meanwhile, the software giant will be shipping a software fix, available from its Fix It Solution Center, to protect systems before the patch is ready. Microsoft has also posted several mitigation options for users of Internet Explorer 8 or earlier to protect the Windows operating system from the exploit.
The best measure, of course, is to switch to Google Chrome or Mozilla Firefox.
Source: thehackernews.com/2012/12/internet-explorer-6-7-and-8-vulnerable.html