Internet Explorer Bug Leaks What Users Type in the URL Address Bar

Haythem Elmir

Microsoft’s Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in his URL address bar.

This includes new URLs where the user might be navigating to, but also search terms that IE automatically handles via a Bing search. Users copy-pasting URLs for Intranet pages inside IE would likely see this bug as a big issue.

The bug, spotted by security researcher Manuel Caballero, poses a privacy risk, as it could be used in reconnaissance operations in targeted attacks, but also for data harvesting by online advertisers.

Bug is easy to exploit

The bug occurs when IE loads a page with (1) a malicious HTML object tag and (2) features the compatibility meta tag in its source code. Both conditions are quite easy to meet.

Condition one: Attackers can hide malicious HTML object tags in hacked sites or load it via ads that allow advertisers to load custom HTML and/or JavaScript code.

To read the original article:

Laisser un commentaire

Next Post

Europol Warns Banks ATM Cyber Attacks on the Rise

Cyber criminals are increasingly accessing ATM machines through the banks’ networks, with squads of money mules standing by ready to pick up the stolen cash, Europe’s policing agency warned Tuesday. « The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately, » said Steven […]