Tuesday, April 29, 2014

Internet Explorer Security Flaw

Microsoft Security Advisory 2963983:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

BBC News:

However, the issue may be of special concern to people still using the Windows XP operating system.

That is because Microsoft ended official support for that system earlier this month.

It means there will be no more official security updates and bug fixes for XP from the firm.

[…]

About 30% of all desktops are thought to be still running Windows XP and analysts have previously warned that those users would be vulnerable to attacks from cyber-thieves.

Along the same lines, Apple is not fixing its recent FaceTime bug for iOS 6:

If you’re not fond of iOS 7’s design, but value FaceTime, it looks like you’ll finally have to give in. This FaceTime issue began earlier in April and gained recognition thanks to a lengthy forum thread in Apple’s Support Communities. The bug appeared after another mysterious issue that prevented first generation Apple TV units from connecting to Apple’s iTunes store.

5 Comments

iOS 6: That may have to do with there not being an interface for choosing to update to the most recent version of iOS 6 or to iOS 7 (or even iOS 8 when that arrives). It's always straight to the latest version your device can support, no backsies. If they have to update the software on the device rather than in the server, I'm not sure how they could offer a patch within the confines of the existing version.

Jesper is right. Apple did fix the bug for devices that can't update to iOS 7. There's just no way to insert a new version in the middle.

The XP analogy to Apple is probably better made by noting the lack of critical software updates to Snowy, rather than to iOS, no?

(I've had to abandon Safari as my JavaScript browser and move to Chrome, which isn't too big a deal for me since I do the overwhelming bulk of my browsing in OmniWeb with JavaScript disabled. But still...)

Richard Buckle

Still waiting for the FaceTime protocol to be made public as Jobs initially promised.

(Not really.)
