Adblock could be used as an exploit for 100 million PCs
#1
Serious vulnerabilities have been found in popular plug-ins that block ads on the web. As noted by cyber security expert Armin Sebastian, cited by Techradar, the problem concerns, among others Adblock, Adblock Plus and uBlock. The discovered ailment lies with the new filter introduced into the Adblock Plus plug-in version 3.2, which premiered in July 2018, and was then introduced to other solutions developed by eyeo GmbH. It is not known how many users are vulnerable, and whether anyone has exploited this vulnerability. The new mechanism is used to reformulate queries, it is used to remove tracking code and bypass mechanisms that prevent ads from being hidden. Check the pages you visit to make sure they are safe, use the free noriskwebsite website scanner.

[Image: Jx5a7O4.jpg]

Sebastian told Techradar that under certain conditions the "$ rewrite" function used since July 2018, including in Adblock Pro allows filter list maintainers to inject arbitrary code onto websites of users of this type of add-ons, which in the worst-case scenario may result in a full takeover of the computer. It is worrying that this property was described by the researcher as very simple to use. The above-mentioned plugins have over 100 million active users. At the time of gaining control over the said mechanism, cybercriminals could gain access to a real vein of gold in the form of millions of computers scattered around the world, which can be used as cryptocurrency excavators.

[Image: UClbwtv.jpg]

The researcher also noted that the exploit can be used in all the most popular browsers on the market, as well as in many websites that meet the criteria specified in the entry on his blog, among which you can find, among others services developed by Google. Sebastian reported that the problem does not only concern ad blocking extensions, but also dozens of vulnerabilities found in popular internet services that can be used to steal valuable data, such as login details. According to eyeo GmbH, the problem was noticed by it in the past, although the use of vulnerabilities was to be so complicated that the solution was still used. "Despite the risk, which is actually very low, we decided to remove the faulty function and publish the updated version of Adblock Plus as soon as possible," says the statement.
Quote


Possibly Related Threads...
Thread Author Replies Views Last Post
  The virus encrypts the hard drive until PewDiePie exceeds 100 million subscriptions admin 0 638 03-24-2019, 01:25 PM
Last Post: admin



Users browsing this thread: 1 Guest(s)