Microsoft has already confirmed that it’s working on a patch to fix the recently-discovered security flaw that allows attackers to track mouse position, but the company has also explained that compromising users’ data is “theoretical” and “hard to imagine.”
Spider.io, the web analytics company that reported the vulnerability, says that it’s actually fairly simple to exploit this flaw, as it doesn’t require “serving an ad to a site that asks for a logon,” as the Redmond-based technology company said in its blog post.
In addition, the company has also explained its decision to go public with the flaw, emphasizing that it actually contacted Microsoft before disclosing it.
Microsoft, on the other hand, said this flaw is not important and an update for it would only be released in the next version of the browser.
“We made clear our belief that the Internet Explorer vulnerability was both significant and that its e xploitation by an analytics company would suggest a disregard for user privacy and for the security efforts of browser vendors. Our suggestions were ignored by all the relevant parties as not being important,” the company explained.
Security companies have already reacted to news regarding a new security flaw in Internet Explorer, with Sophos recommending users to stop using Microsoft’s browser until a patch is released.
“In the meantime, while we're waiting for a possible fix, the best solution - if you are worried about this flaw - is to use a different browser than Internet Explorer,” Lisa Vaas of Sophos said.
Via: Hacking Internet Explorer Isnt so Hard to Imagine Web Analytics Firm
Tidak ada komentar:
Posting Komentar