Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Ars article links to Malwarebytes but Ars article is better. The headline is better, it's most interesting that they run code from svg. Ars also adds context how the same hole was also used before to hijack Microsoft accounts and also by the Russians. Whereas Malwarebytes is mostly about pornsite clickjacking to like Facebook posts (and complains about age verification). However it has a bit more technical details too. Read both I guess?


What's the hole? Neither appear to say.


I guess that obfuscated JS in SVG runs? Then it downloads the script that does shady stuff


That does not explain exactly what is wrong. The site could already run JS. It did not need SVG to do it.


Yeah I guess the original article is not clear on that. Other cases usually involved email but this is not




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: