A major security flaw has been found in the very latest versions of Internet Explorer.
The vulnerability allows attackers to bypass browser security in order to steal login credentials and user data for any website, as well as launch potentially dangerous phishing attacks.
The vulnerability, which is said to affect users running IE11 on Windows 7 and 8.1, allows attackers to bypass the same-origin policy, an important part of web browser security, in order to insert a malicious piece of code into a link which ordinarily looks like it is from a trusted or familiar source.
The flaw was first highlighted by David Leo, a researcher with Internet security firm Deusen.
In order to demonstrate the vulnerability, Leo used the Daily Mail website as an example.
When the Daily Mail website was opened in IE11, the malicious code provided the user with what appeared to be a legitimate link.
When the link was clicked, a new window opened with what looked to be the Daily Mail website; however, after a few seconds the newly opened window displayed the words “Hacked by Deusen”.
Rather than being used on the Daily Mail website, as it was in the demo, an attacker could launch the same kind of attack on one of your social media accounts, your private email or, even worse, the website of your bank.
And because the link appears to be on a legitimate site right until the very last moment, even the most security-conscious of web users can be duped.
Joey Fowler, a security expert for Tumblr, carried out his own tests after reading the original claims and he also confirmed the security flaw.
In response to the highlighted vulnerability with Internet Explorer, Ars Technica reports that the following statement has been released by Microsoft:
“We are not aware of this vulnerability being actively exploited and are working on a security update. To exploit this, an adversary would first need to lure the user to a malicious website, often through phishing. SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against phishing websites. We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information.”
Microsoft engineers are said to be working on a security patch to fix the vulnerability.