Opera vulnerability shows all web browsers could be insecure, says Idappcom

News

Opera vulnerability shows all web browsers could be insecure, says Idappcom

Warwick Ashford

The latest zero-day vulnerability in the Opera Web browser highlights the fact that all Web browser clients are insecure by nature, says security services firm Idappcom.

Haywood said the latest Opera vulnerability allows potential attackers to execute arbitrary code remotely.

The flaw was discovered by French security researcher Jordi Chancel, who disclosed it earlier this month and classified the problem as an integer truncation error.

Although Opera is relatively low-profile and has a select user base, it still represents millions of users, said Anthony Haywood, chief technology officer at Idappcom.

Opera is popular among users of smartphones and netbooks and is attractive to cybercriminals because hackers can start exploring what appears to be virgin territory as far as vulnerabilities are concerned, he said.

According to Haywood, the most important thing to realise about web browser client software is that it is designed to access a variety of websites, typically using Port 80 for regular HTTP access, and Port 443 for HTTPS access.

"With so many IP ports available, this might sound a small IP profile to deal with from a security perspective, but the problem is that there is a growing number of non-standard applications that use Port 80 across the internet, meaning that a web browser client must be able to support these features," he said.

Any software that uses Port 80 across the internet has to be viewed as a potential security issue and users, especially IT managers, need to be aware of this fact, said Haywood.

"The bottom line to this latest browser flaw is that internet software users need to install multiple layers of security defence, and ensure their software - and their security knowledge - is as up-to-date as possible," he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy