Using Internet Explorer has always been risky business for its diehards, as despite falling from grace as the world’s most popular browser, the fact that it was always pre-installed with Windows practically guaranteed that those who used it were less likely to be security concious — which in turn made it a boon for malware makers. That trend continues to this day, as HP has turfed up four new bugs that affect the mobile version of the Microsoft browser.
Discovered by HP’s TippingPoint division, the bugs were originally reported to Microsoft six months ago, giving the software giant fair warning in fixing them before it made the flaws public. However all of them still exist to this day and though Microsoft initially asked for an extension on its grace period to fix the flaws, HP decided to waive that option and has unveiled the bugs for all to see.
Related: Microsoft to axe Internet Explorer
Each of the four exploits allow for the remote execution of code on a user’s smartphone, even if their version of Internet Explorer is fully patched and updated. They would need to visit specific sites with the browser to contract the malware, but once infected, clearing them out isn’t easy.
Microsoft has issued a statement on the matter, saying that it was “aware of the reports regarding Internet Explorer for Windows Phone. A number of factors would need to come into play, and no attacks have been reported. We continue to monitor the situation and will take appropriate steps to protect our customers.”
While some have questioned as to why the company hasn’t fixed up these problems, Ars suggests that it may be that Microsoft instead wanted to focus on fixing problems that arose from the Hacking Team revelations earlier this month. Though that doesn’t explain why it didn’t act months ago when the faults were originally raised.
- Nowhere is safe now that AMD has suffered its own Meltdown
- From pranks to nuclear sabotage, this is the history of malware
- Microsoft misses another Edge-related 90-day security disclosure deadline
- Hackers can bypass the Windows 10 S lockdown due to security flaw
- How Google’s ‘Project Zero’ task force races hackers to snuff out bugs