Microsoft has been campaigning to improve Internet Explorer's public image—and it's got a long road ahead if security oversights like this one keep popping up. According to Wired, a new exploit could allow malicious websites to track your mouse movements across the screen. All versions of IE from 6.0 on up are affected.
Don't believe us? Just load up this harmless proof-of-concept demo in Microsoft's browser. Or watch the video embedded below, which shows cursor movements being relayed even when they occur outside the browser:
The flaw was discovered by web analytics firm Spider.io, which reportedly alerted Microsoft back in October. Microsoft's response was... less than encouraging. "The Microsoft Security Research Centre recognises that there is a vulnerability but has said that there are no immediate plans to patch it," according to Wired.
As Wired points out, the exploit could be used to gather online banking log-ins, since some banking sites use on-screen keypads in an attempt to thwart keyloggers. Simply tracking cursor movements may not be a huge help, of course—to do any real damage, you'd probably need other malware to relay what's being displayed on the screen. Still, it would be nice if IE wasn't a potential participant in that kind of thing. Here's hoping Microsoft addresses the issue sooner rather than later.
|1. Ryszard - $603||2. Hdfisise - $600||3. Andrew Lauritzen - $502|
|4. Redocbew - $350||5. the - $306||6. SomeOtherGeek - $300|
|7. chasp_0 - $251||8. Ryu Connor - $250||9. mbutrovich - $250|
|10. aeassa - $175|
|Apple's A9 impresses and the Nexus strikes back: The TR Podcast 188||30|
|Microsoft acquires Havok physics engine from Intel||83|
|AMD unleashes mobile Tonga with the FirePro W7170M||13|
|Deals of the week: Crucial's MX200 500GB SSD and more||11|
|Report: TSMC makes around 6 in 10 Apple A9 SoCs||19|
|Mobile Quadros bring Maxwell to 15" and 17" workstations||4|
|Report: Amazon to halt sales of Chromecast and Apple TV||41|
|The Tech Report Podcast is live on Twitch||2|
|A billion Android devices could be vulnerable to Stagefright 2.0 bug||50|