Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fully patched Internet Explorer for smartphones menaced by whopping 4 code-execu


  • Please log in to reply
1 reply to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 22,918 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 AM

Posted 23 July 2015 - 07:23 PM

Researchers at an HP security division have publicly detailed four code-execution vulnerabilities that can be used to hijack end-user smartphones running the latest versions of Microsoft's Internet Explorer browser.

The disclosures earlier this week came more than six months after researchers from HP-owned TippingPoint first privately reported the bugs to Microsoft security engineers. According to the advisories published hereherehere, and here, Microsoft officials acknowledged the bugs and in each case asked for an extension beyond the four months TippingPoint officials normally wait before publicly disclosing vulnerabilities. All four of the extensions expired Sunday, leading to the public disclosure of the bugs.

It remains unclear why Microsoft hasn't issued fixes. TippingPoint alerted Microsoft to three of the vulnerabilities in January and one of them last November. A Microsoft spokesman told Ars he was looking in to the matter.

Update:Microsoft has issued a statement that says: "We're aware of the reports regarding Internet Explorer for Windows Phone. A number of factors would need to come into play, and no attacks have been reported. We continue to monitor the situation and will take appropriate steps to protect our customers."

All four of the bugs allow attackers to remotely execute malicious code on end-user mobile devices when they use fully patched versions of IE to visit booby-trapped websites. The bug reported in November also includes a version of IE that runs on Windows Phone

 

Article



BC AdBot (Login to Remove)

 


#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:06:23 PM

Posted 23 July 2015 - 08:09 PM

Its clear that if they dont fix something after 4 months then someone or an agencie is tellign them not to fix the issue, this takes me back to the Hacking Team exploits being used.

i would assume either the FBI, CIA or NSA are telling them not to fix it, << Puts tin foil hat on again!!!!.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users