A new exploit targeting Internet Explorer has been published on the BugTraq mailing list. According to Symantec, the exploit takes advantage of a critical cascading style sheet (CSS) vulnerability.
"[We] conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. [However], the exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future," Symantec explained in an official blog post.

"When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors. [But] they must [first] lure victims to their malicious Web page or a Web site they have compromised. [Yet], in both cases, the attack requires JavaScript to exploit Internet Explorer. [As such], IE users should disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft."
The latest Zero Day IE exploit has also been confirmed by Vupen Security, which provided a detailed description of the vulnerability.
"This [exploit] is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the 'getElementsByTagName()' method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page."
It should be noted that Vupen Security lists the exploit as only affecting versions 6 and 7 of Internet Explorer.
nicholassimon (not verified)
If you are interested in learning more about some of the better and safer alternative browsers out there (NOT Opera or Safari etc.) then you might want to check out this post detailing 7 of the better browsers available for free on the internet: http://ninjarabbits.blogspot.com/2009/11/alternative-web-browsers.html
NameCaller (not verified)
propaganda? to have more people upgrade browser? i wonder why people still refuse to upgrade browser in the first place? and why the hell does microsoft still support past versions...
watchthisspace (not verified)
Well hopefully more people jump onto IE8 or alternative web browsers.