Google Inc. has made an "adjustment" to its Google Desktop application
to protect users from an unpatched design flaw in Microsoft Corp.'s
Internet Explorer browser. The bug, which was
discovered and reported
by Israeli hacker Matan Gillon, provides malicious attackers with an
easy way to use Google Desktop or other Internet-facing applications to
covertly hijack user information.
"We have made an adjustment to the product to help protect users," said Google spokesperson Sonya Boralv. She declined to provide details on the extent of the Google Desktop modifications. Boralv said users aren't required to take any action to get
protected because the changes were made "on our end" to block the
remote access attack vector.According to Gillon's public advisory,
which included a proof-of-concept exploit, the flaw exists on fully
patched IE browsers with default security and privacy settings.
News source: eWeek