Microsoft is investigating a possible flaw in its Internet Explorer Web browser that allegedly enables attackers to track users' mouse cursor anywhere on the screen, even if the browser window isn't in use.
The alleged flaw, which security firm Spider.io says it discovered a few months ago, compromises the security of virtual keyboards and virtual keypads in all supported versions of the browser since IE6, the security firm reports.
"As long as the page with the exploitative advertiser's ad stays open -- even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer -- your mouse cursor can be tracked across your entire display," the security firm said in a statement.
Even the security-conscious are at risk of having their cursor movements recorded, Spider.io warned. "An attacker can get access to your mouse movements simply by buying a display ad slot on any Web page you visit," the security firm warned, adding that any site from YouTube to The New York Times would be a possible attack vector due to ad exchange activity.
At least two display ad analytics companies are exploiting the suspected vulnerability (see video below demonstrating the issue) to see what people are looking at online, Spider.io said.
The security researcher said it informed Microsoft of the issue on October 1 but that the software giant doesn't a... [Read more]
No comments:
Post a Comment