We had less than 72 hours from the time he notified us to when he posted information [about the vulnerability].
We need time to investigate and understand the issue before we can determine whether it does qualify for the bug bounty. Our priority in these cases is to investigate the issues and work with the security team to develop fixes first.
This exploit was published after we released the 1.5.0.1 update. Most of our users had already been upgraded by the time this exploit was published.
As soon as we got the report that users might be impacted, we began evaluating our options. We're releasing as soon as we possibly can.
IE 7 is a pretty good catch-up. But it does some funny things with tabs and the UI that I don't understand why they did it.
It's going to render your web pages faster, and the automatic update feature will make sure your browser is always up to date. As a user you will notice the difference with this new version.
This is part of our regular, two-month upgrade cycle, and deals in part with eight vulnerabilities identified by us and our users.
With these things, it's hard to determine the exact nature of what happened. We don't believe that people were successful in getting any of that personal or sensitive information, but we're erring on the side of caution.
Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download.
Copyright © 2024 Electric Goat Media. All Rights Reserved.