toggle

AAPL Stock: 109.27 ( -1.1 )

Printed from http://www.macnn.com

Internet Explorer vulnerability affects all from version 6 to latest

updated 08:56 pm EDT, Sun April 27, 2014

Exploit targets Internet Explorer 9 to 11, flaw dates back to Internet Explorer 6

A recently-discovered security flaw in Internet Explorer has the potential to affect a wide number of Internet users, according to a security firm. Confirmed by Microsoft, the "zero-day" exploit found by FireEye targets Internet Explorer 9 through to version 11, though the vulnerability itself has been found to exist in all versions of the browser going back to Internet Explorer 6.

Revealed yesterday, the exploit takes advantage of a use-after-free vulnerability, using Flash to access memory and bypass Windows' ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) protection systems. In essence, an attacker able to coax a victim to visit a specially created site with a prepared Flash file could potentially execute code on the target computer, installing malware and gaining control of the PC.

The active exploit is being targeted in the last three versions of Internet Explorer, making up around 26 percent of the browser market in 2013. Microsoft advises that users installing the latest version of the Enhanced Mitigation Experience Toolkit, and to change Internet and Local intranet security zone settings to "High," among other items, with FireEye adding that the Enhanced Protected Mode in Internet Explorer 10 and later breaks the exploit, and disabling the Flash plug-in will prevent it from running in the first place.




by MacNN Staff

toggle

Comments

  1. Spheric Harlot

    Clinically Insane

    Joined: 11-07-99

    So this is actually a FLASH vulnerability?

  1. Mike Wuerthele

    Managing Editor

    Joined: 07-19-12

    Sort of. It's a Flash vulnerability that requires the exploited to be using IE to take advantage of.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...

toggle

Most Commented