“We tried different kinds of HTML elements: img, form, script, object, frame, framset, iframe, sound, video (this last two where funny). Combined with iframes, attackers could leverage the vulnerability to execute arbitrary code on the victim”s device. Security researchers Iván Ariel Barrera Oro, Alfredo Ortega and Juliano Rizzo accidentally triggered the vulnerability while exchanging URLs that contained various XSS (cross-site scripting) payloads. A recent vulnerability in the Signal messaging application that enables encrypted communication between parties, could have enabled attackers to arbitrarily remotely execute code on the victim”s device without any user interaction.
0 Comments
Leave a Reply. |