Print
Researchers may have discovered that 637 million users are running outdated browsers, but when it comes to handling iFrame-based attacks, it doesn't matter how up to date your copy of Internet Explorer is: ZDNet's Zero Day security blog reports that exploit code is now available online to demonstrate how to perform malicious attacks against IE7 as well as IE6 and even IE8 beta 1.
The exploit code can take over an inline frame (an iFrame is an HTML element that enables the embedding of one HTML document inside another one) and subsequently capture keystrokes. Imagine the implications for online banking, e-commerce, and other "secure" uses of the Web. Scary!
The full US-CERT advisory is available here, and you can try a harmless proof-of-concept from a link here. For more about how iFrame attacks work, see this April 2008 article from UK's Guardian.
Have you been hit by an iFrame exploit? Do you avoid frames in websites? Tell us about it!
Image courtesy of Zero Day.
Comments are closed on this article
