Tech News

IE 11 bug allows login credential theft, security update in works

A newly found vulnerability in Web Explorer 11 — even for these browsers which are up-to-date with all security patches — might result in stolen login credentials. The excellent news: Microsoft says that it’s “not conscious of this vulnerability being actively exploited” and is engaged on a repair.internetexplorer

Ars Technica reports that the wrongdoer is a common cross-site scripting (XSS) bug that, if a customer browses a malicious web site, can seize cookies or different HTML-based data that different web sites have saved on that customer’s pc. That might embrace authentication cookies which result in areas of internet sites for which logins are required and have “bank card knowledge, shopping histories, and different confidential knowledge.” The vulnerability has been efficiently demonstrated in a proof-of-concept exploit on Web Explorer 11 operating on Home windows 8.1 and Home windows 7.

Microsoft’s assertion factors out that, “to use this, an adversary would first have to lure the person to a malicious web site, usually via phishing.” And, whereas the security update is being developed, to comply with common sense recommendation: “Keep away from opening hyperlinks from untrusted sources and visiting untrusted websites.”

Back to top button