Seemingly innocentwidgets(or gadgets) are exposing computer users to a whole host of
attacks.
The warning is covered in Finjan's third quarter
Web Security Trends
Report and is a potential blow to those firms planning to adopt
such
Web 2.0 applications.
Widgets add functions to websites and applications, but can also
contain code that is vulnerable to exploits by hackers and
criminals.
Security software firm Finjan's research suggests that new
attacks that exploit the insecurities of widgets are imminent, and
that a revised security model should be explored in order to keep
users protected from such attacks.
All types of widget environments - OS, third party applications
and web widgets - were found by Finjan to be plagued with
inadequate security models that allowed malicious widgets to
run.
In addition, Finjan has found vulnerable widgets that were
already available - some in the default installation - in the
widget environment. These findings have already prompted Microsoft
and Yahoo to issue security advisories and patches to address
security issues, said Finjan.