IE zero-day under active attack gets emergency patch

by
Dan Goodin
from Ars Technica - All content on (#4R105)
caution-800x534.jpg

Enlarge (credit: Michael Theis / Flickr)

Microsoft has released two unscheduled security updates, one of which patches a critical Internet Explorer vulnerability that attackers are actively exploiting in the wild.

The IE vulnerability, tracked as CVE-2019-1367, is a remote code execution flaw in the way that Microsoft's scripting engine handles objects in memory in IE. The vulnerability was found by Cli(C)ment Lecigne of Google's Threat Analysis Group, which is the same group that recently detected an advanced hacking campaign that targeted iPhone users. Researchers from security firm Volexity later said the the attackers behind the campaign also targeted users of Windows and Android devices. It's not clear if the IE vulnerabilities Microsoft is fixing now have any connection to that campaign.

Monday's advisory said attackers could exploit the vulnerability by luring targets to use IE to visit a booby-trapped website.

Read 5 remaining paragraphs | Comments

index?i=LE8GhcVCu4M:nuaf_8lnE64:V_sGLiPB index?i=LE8GhcVCu4M:nuaf_8lnE64:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments