Internet Explorer is still one of the most used browsers in the world. The fact that it comes pre-installed on both the desktop version of Windows and Windows Phone means that it is probably the default browser for many – and makes it a very lucrative target for hackers. HP has now revealed four bugs that specifically impact the mobile version of the browser found on Windows Phone.
These exploits, first discovered by HP’s TippingPoint division, allow for the remote execution of code on a smartphone, even if the browser is fully updated. You’re only vulnerable to attacks on specific sites but once they’ve taken hold, it’s very hard to clear them.
HP had reported these to Microsoft almost six months ago but the company has still not fixed the issue. They did ask for an extension of the 6 month grace period before HP made these vulnerabilities public but their OEM partner has refused the request and has published the exploits.
Microsoft did say that it was “aware of the reports regarding Internet Explorer for Windows Phone” but that “…no attacks have been reported.” With Windows 10 Mobile and the Edge browser not coming for at least a couple of months, most users of Windows Phone will still be using Internet Explorer as the daily driver on their smartphone and will likely be vulnerable to these exploits until Microsoft issues a patch.