Click here to sign up for our newsletter & receive a £5 voucher![close]
×

Registration

Profile Informations

Login Details

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

Internet Explorer Flaw Exposes Everything You Type In The Address Bar

IE

Well this is unsettling news—a security researcher has discovered a bug in Microsoft's Internet Explorer browser that allows remote hackers to view anything and everything you type in the address bar, including web addresses, search terms, and any other text. If you are still using IE as your browser of choice, be advised that the vulnerability exists on the latest version.

This is a potentially big deal as nearly a third of all desktop users still surf the web with IE, according to data by Net Applications. Stat Counter reports a much lower usage at 8.61 percent, but either way, IE is still in use today.

IE Search Exploit

The flaw was discovered by Manuel Cabellero, who outlined the proof-of-concept in a blog post. "When a script is executed inside an object-html tag, the location object will get confused and return the main location instead of its own. To be precise, it will return the text written in the address bar so whatever the user types there will be accessible by the attacker," he explains.

This could be anything, from web addresses of sites you would not want others to know you are visiting, to search queries that could reveal a little more about yourself than you bargained for.

[embedded content]

The good news is that Microsoft is aware of the flaw and is working a fix.

"Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule," Microsoft told Arstechnica.

In the meantime, IE users who do not want to risk having their address bar text shared with a malicious website should consider using a different browser, such as Edge, Chrome, or Firefox.

Top Image Source: Flickr (Jorgen Kesseler)

Go to Source