Friday, September 29, 2006

WebViewFolderIcon setSlice exploit in the wild

Hi folks,

There are two events worth reporting tonight. Some time today, a new version of this exploit was made available to the public in the usual places, but more importantly, this evening we found a slightly different version in the wild. As of the moment that we're writing this, it's not completely clear how well it works, but it's on at least one site renowned for using stuff that works, so they obviously think it does. Of course, SocketShield blocks it fine.

Even in the unlikely event that it doesn't work, we can expect it to be soon corrected. These guys have big lists of fairly innocent lure sites, so please watch out.



Post a Comment

<< Home