An Internet Explorer flaw made public by a Google security researcher two months ago is now being used in online attacks.
The flaw, which has not yet been patched, has been used in "limited, targeted attacks," Microsoft said Friday in an update to its security advisory on the issue.
Google concurred, and offered a few more details. "We've noticed some highly targeted and apparently politically motivated attacks against our users," Google said in blog post. "We believe activists may have been a specific target. We've also seen attacks against users of another popular social site."
The attack is triggered when the victim is tricked into visiting a maliciously encoded Web page -- what's known as a Web drive-by attack. It gives the attacker a way of hijacking the victims browser and accessing Web applications without authorization.
The flaw lies in the Windows mshtml.dll software library used by Internet Explorer, and affects all currently supported versions of Windows.
More: http://www.computerworld.com/s/article/9214259/
The flaw, which has not yet been patched, has been used in "limited, targeted attacks," Microsoft said Friday in an update to its security advisory on the issue.
Google concurred, and offered a few more details. "We've noticed some highly targeted and apparently politically motivated attacks against our users," Google said in blog post. "We believe activists may have been a specific target. We've also seen attacks against users of another popular social site."
The attack is triggered when the victim is tricked into visiting a maliciously encoded Web page -- what's known as a Web drive-by attack. It gives the attacker a way of hijacking the victims browser and accessing Web applications without authorization.
The flaw lies in the Windows mshtml.dll software library used by Internet Explorer, and affects all currently supported versions of Windows.
More: http://www.computerworld.com/s/article/9214259/