(credit: Check Point Software)
eBay has no plans to fix a “severe” vulnerability that allows attackers to use the company’s trusted website to distribute malicious code and phishing pages, researchers from security firm Check Point Software said.
“An attacker could target eBay users by sending them a legitimate page that contains malicious code,” Check Point researcher Oded Vanunu wrote in a blog post published Tuesday. “Customers can be tricked into opening the page, and the code will then be executed by the user’s browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download.”
Read 6 remaining paragraphs | Comments