|29 Jun 2013||#1|
| || |
One-click/key attack forces IE and Chrome to execute malicious code
A researcher says he has uncovered a security weakness that can easily trick people into executing malicious code when they use the Microsoft Internet Explorer and Google Chrome browsers to visit booby-trapped websites.
The attack was recently presented at the Hack in the Box security conference by independent security researcher Rosario Valotta. It exploits weaknesses in the way browsers notify users when they execute operating-system-level commands, such as printing or saving. He said the attack works against Windows 7 and Windows 8 users running IE versions 9 and 10 when they enter either one or two characters while visiting a malicious website. Windows 8 machines running Chrome can be forced to execute malicious code when users click on a single HTML button on a malicious page, such as "Play" for a video or a Facebook "Like." Windows provides some protection against this social engineering attack, but Valotta said attackers can often bypass those defenses.
|My System Specs|
|Similar help and support threads for2: One-click/key attack forces IE and Chrome to execute malicious code|
|Malicious Chrome extensions on the rise||Security News|
|How do I program a key on my keyboard to execute a left click?||Hardware & Devices|
|Shell Execute Failed Code on Network File ?||Software|
|Report: malicious PDF files becoming the attack vector of choice||Security News|
|Attack Toolkits and Malicious Websites||Security News|
|Chrome Outpaces Firefox and Opera, Forces IE Under 60%||Browsers & Mail|
|Alert:Threat Type: Malicious Web Site / Malicious Code||Security News|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 10:35 PM.