Browser Security News

A recent string of high-profile ActiveX vulnerabilities caused the U.S. Computer Emergency Readiness Team (US-CERT) to advise users to disable the ubiquitous Microsoft browser plug-in technology altogether. The vectors for these recent exploits include a third-party image uploading tool used on both the Facebook and MySpace social networking sites, and flaws found in Yahoo’s Music Jukebox, Real Networks’ RealPlayer, and Apple’s QuickTime.

“We’re seeing an increase in exploits aimed at these types of tools that are commonly used with a variety of technologies including social networking sites and multimedia players. As online crime becomes more prominent, malicious actors are taking advantage of these types of vulnerabilities to accomplish their objectives," said a spokesman at the U.S. Department of Homeland Security, which oversees the US-CERT. Be prepared: ActiveX attacks will persist | InfoWorld | Analysis | 2008-02-19 | By Matt Hines