An independent internet security researcher has revealed that an unpatched vulnerability across all versions of Microsoft’s web browser Internet Explorer (IE) running on any version of Microsoft’s Windows operating system can lead to attacks wherein credentials used in web browsing to access Facebook, Twitter and Gmail accounts are stolen. What’s more, Rosario Valotta, an Italian security expert, says that although his proof of concept code exploits cookies used to access Facebook, Twitter and Gmail accounts, a crafty attacker can possibly exploit the vulnerability to gain access to cookies for virtually any website. In a method he calls “cookiejacking”, Valotta said that the method can be used for “any website” and “any cookie” and that the “limit is just your imagination”, a report from Reuters says. According to the internet security researcher, using the exploit, an attacker can hijack an IE “cookie” which holds credentials to gain access to accounts. Valotta demonstrated his proof of concept code at a security conference held in Amsterdam last week, a report from U.K.’s The Register says.
According to the report, an attacker can use a special iframe tag which is embedded onto a malicious website to take advantage of the exploit. “The attack exploits a vulnerability in the IE security zones feature that allows users to segregate trustworthy websites from those they don’t know or don’t ever want to access,” the publication reports.
LINK TO OUR HOME PAGE :