Microsoft Internet Explorer security flaw could put users at risk
In terms of market share, Internet Explorer remains the top web browser thanks to being the default on Windows and average users not knowing any better. Those with a leaning towards technology frequently use alternatives like Chrome and Firefox. This was a major problem in the days of IE 6, but Microsoft has improved its offering with each iteration.
But no software is perfect and security holes are found on a regular basis. This time it seems Microsoft's browser has a major one. The flaw that has been discovered can be used to exploit users via phishing attacks and malicious code insertion.
Security researcher Graham Cluley reports, "The bug, which works on Internet Explorer 11 running Windows 7 or Windows 8.1, is a universal cross-site scripting (XSS) vulnerability, and bypasses what is known as the Same-Origin Policy".
The Same-Origin Policy (SOP) is used to protect the browser from malicious code injection. Swati Khandelwal of The Hacker News describes it this way: "SOP actually prevents one site from accessing or modifying the browser properties, such as cookies, location, response etc, by any other site, ensuring that no third-party can inject code without the authorization of the owner of the website".
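To make concrete what the Same-Origin Policy compares, here is an added example (not from the original article or from any browser's source) that models the check as a scheme, host and port comparison. The function names and URLs are constructed for illustration, and the model is simplified to http and https; a universal XSS bug matters because it lets script get past this decision.

```javascript
// Added illustration: hypothetical helper names, constructed URLs.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Derive the (scheme, host, port) tuple that the Same-Origin Policy compares.
// Simplification: only http/https get a tuple. Anything else is treated as an
// opaque origin (as browsers do for data: URLs), which matches nothing.
function originTuple(href) {
  const u = new URL(href);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname, // the URL parser has already lowercased the host
    port: u.port || DEFAULT_PORTS[u.protocol], // an empty port means the default
  };
}

// Two URLs are same-origin only if all three parts match exactly.
function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (!x || !y) return false; // opaque origins never match, even themselves
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// The decision made before script running in one document may read or change
// another document's cookies, location or content.
function mayAccess(scriptUrl, targetUrl) {
  return sameOrigin(scriptUrl, targetUrl) ? 'allow' : 'block';
}

// Constructed cases: each row is [script URL, target URL].
function demo() {
  const target = 'https://shop.example.com/account';
  return [
    ['https://shop.example.com:443/cart', target], // explicit default port
    ['http://shop.example.com/cart', target],      // different scheme
    ['https://shop.example.com:8443/', target],    // different port
    ['https://example.com/', target],              // parent domain
    ['https://attacker.example.net/', target],     // unrelated site
    ['data:text/html,hello', target],              // opaque origin
  ].map(([script, tgt]) => mayAccess(script, tgt));
}

console.log(demo());
```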
The flaw was discovered by David Leo, who posted details along with a proof-of-concept. The flaw apparently only affects Internet Explorer 11, but given that version runs on both Windows 7 and Windows 8.x, it leaves a lot of people potentially vulnerable.
So far, there are no actual reports of this in the wild. If you are using Microsoft's browser, consider making the move to another until a fix is found for it.