The company security FireEye Labs ανακάλυψε μια νέα zero-day ευπάθεια στον Internet Explorer 9 και 10. Η ευπάθεια επιτρέπει σε έναν εισβολέα να εγκαταστήσει κακόβουλο λογισμικό σε συστήματα που δεν έχουν ενημερωθεί.
According to their research, the attack is done with the help of a website whose HTML code has been modified by the attacker.
"OR HTML /JavaScript webthe attacker's page runs one Flash object, which orchestrates the rest of it exploit. It exploit is a vulnerability in IE 10 that is built into JavaScript, ”explains FireEye Labs.
So far, the vulnerability has been shown to affect versions of Internet Explorer 9 and 10 that use Adobe Flash, while the Microsoft confirms that it is currently investigating the reports and trying to determine how it works exploit.
"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10," said afaceof Microsoft on TNW. ” As our investigation continues, we recommend our customers upgrade to Internet Explorer 11 for additional protection.”