For all the improvements that the Internet Explorer browser has gained with each new version, it appears there is one ugly security flaw that affects the browser from IE6 to the latest IE10. A security firm discovered this vulnerability in October; it allows an attacker to track users’ mouse cursors even when Internet Explorer isn’t actively in use (i.e. minimized, in the background, or with another tab in use).
It appears this vulnerability can be exploited by an attacker simply by buying ad space on a website that the user accesses, and as long as that website is open the user’s cursor can be tracked. What’s more, the security firm that uncovered the flaw, Spider.io, has revealed that the vulnerability is already being exploited by advertisers, with at least two ad analytics companies involved.
One major implication is that this vulnerability compromises the security of virtual keyboards and keypads that are sometimes used by online banking firms.
However, Microsoft has denied that the vulnerability is “adversely affecting” customers – without denying that the flaw has been exploited. At the end of October, the company completed its analysis of the vulnerability and concluded that the flaw was not critical enough for an immediate security update, warranting only a “next version” fix – indicating that the flaw may have been blown slightly out of proportion.
Nevertheless, it is highly advisable to close all unnecessary tabs in IE when browsing sensitive sites such as online banking or shopping sites. Or, you know, use a different browser.