Yesterday, ad analytics company Spider.io said that Internet Explorer is vulnerable to a simple hack that enables attackers to see what your mouse is doing onscreen — even when IE is minimized. Users don’t have to download, install, or even agree to any onscreen prompt — the attack vector is a simple banner ad on virtually any site on the web.
Today a Microsoft representative told VentureBeat that it’s investigating the issue:
We are currently investigating this issue, but to date there are no reports of active exploits or customers that have been adversely affected. We will provide additional information as it becomes available and will take the appropriate action to protect our customers.
The vulnerability affects new and old versions of Internet Explorer, from version 6 to the current 10, and Spider.io said that at least two display ad analytics companies were already using it across billions of webpage impressions each month.
Spider.io also said that it informed Microsoft of the vulnerability almost two months ago.
If you’re using Internet Explorer, a simple way to protect yourself online is to simply enter nothing at all in a virtual, onscreen keyboard. At least until Microsoft issues a fix or determines that this is not actually a security problem.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.