in

IE zero-day under active attack gets emergency patch

Enlarge (credit: Michael Theis / Flickr)
Microsoft has released two unscheduled security updates, one of which patches a critical Internet Explorer vulnerability that attackers are actively exploiting in the wild.
The IE vulnerability, tracked as CVE-2019-1367, is a remote code execution flaw in the way that Microsoft’s scripting engine handles objects in memory in IE. The vulnerability was found by Clément Lecigne of Google’s Threat Analysis Group, which is the same group that recently detected an advanced hacking campaign that targeted iPhone users. Researchers from security firm Volexity later said the the attackers behind the campaign also targeted users of Windows and Android devices. It’s not clear if the IE vulnerabilities Microsoft is fixing now have any connection to that campaign.
Monday’s advisory said attackers could exploit the vulnerability by luring targets to use IE to visit a booby-trapped website.
Read 5 remaining paragraphs | Comments


Source by [author_name]

What do you think?

0 points
Upvote Downvote

Written by Miami News

MAC One Hit & Beck and Call Matte Lip Mousses Reviews & Swatches

Renovation project – Brest university hospital