eBay Platform Exposed to Severe Vulnerability

Toggle sidebar Toggle sidebar
John Connor

John Connor

Lifer
Nov 30, 2012
22,757
618
121
Check Point has discovered a severe vulnerability in eBay’s online sales platform. This vulnerability allows attackers to bypass eBay’s code validation and control the vulnerable code remotely to execute malicious Java script code on targeted eBay users. If this flaw is left unpatched, eBay’s customers will continue to be exposed to potential phishing attacks and data theft.
An attacker could target eBay users by sending them a legitimate page that contains malicious code. Customers can be tricked into opening the page, and the code will then be executed by the user’s browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download.
After the flaw was discovered, Check Point disclosed details of the vulnerability to eBay on Dec 15, 2015. However, on January 16, 2016, eBay stated that they have no plans to fix the vulnerability. The exploit Demo is still live.
Click to expand...


http://blog.checkpoint.com/2016/02/02/ebay-platform-exposed-to-severe-vulnerability/


This is a serious security threat and a breech of trust between eBay and its users. Tell everyone you know to be careful shoping on eBay with a smartphone.
 
KeithP

KeithP

Diamond Member
Jun 15, 2000
5,664
201
106
John Connor said:
Tell everyone you know to be careful shoping on eBay with a smartphone.
Click to expand...

From http://arstechnica.com/security/201...-severe-bug-that-allows-malware-distribution/
As the proof-of-concept exploit in the video above demonstrates, exploits require some element of social engineering, mostly in the form of a dialog box that instructs a user to OK the installation of a malicious app.
Click to expand...

It might be better, as a general warning, to tell everyone not to install random apps they know nothing about.

-KeithP
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom