Skip to main content

McAfee: 'IE exploit is now in the public domain'

Internet Explorer - a sea of bad PR
Internet Explorer - a sea of bad PR

The company that led the investigation into the Internet Explorer hack from China that sparked the Google controversy has confirmed that details of the exploit have been published online.

The exploit has already led to Microsoft urging its customers to upgrade from IE6, but the McAfee – the company that was pulled into investigate – has now confirmed that the code used in 'Operation Aurora' is now online.

"Unfortunately, the risk has been compounded because the attack code that exploits this Internet Explorer vulnerability has now been posted in the public domain, increasing the possibility of widespread attacks," says a McAfee release.

Of course, the message form the computer security company is 'use our computer security' but the underlying threat of the compromise is clear.

Government attacks

McAfee described the attack back when it confirmed that IE had been one of the vectors as similar to the high-cost narrow target attacks on government and critical data.

"We have never seen attacks of this sophistication in the commercial space," said Dmitri Alperovitch, a Vice President of Research with McAfee.

"We have previously only seen them in the government space."