All popular web browsers are susceptible to vulnerabilities, and attackers continually probe browsers and web applications to find and exploit security flaws. Recently, security researchers at Vupen identified a critical vulnerability in the Opera web browser: an integer truncation error in opera.dll. The error occurs when the browser processes HTML files in which a select element contains a large number of child elements. An attacker may exploit it by luring unwary users into viewing a specially crafted malicious web page. Once a user visits the page, arbitrary malicious code is executed on the computer system. Successful execution allows the attacker to gain unauthorized access to, and complete control of, the affected computer system.
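The bug class named above, integer truncation of an element count, is shown here as an added example; it is not code from Opera or from the researchers. The 16-bit field width, the `child_entry` record and both function names are assumptions chosen for illustration, and the sample counts are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical per-child record; not taken from opera.dll. */
typedef struct { uint32_t id; uint32_t flags; } child_entry;

/* Flawed pattern: the child count is stored in a 16-bit field
 * (assumed width), so 65536 + n children silently become n and the
 * buffer sized from it is far smaller than the data that follows. */
static size_t alloc_size_truncating(uint32_t child_count)
{
    uint16_t stored = (uint16_t)child_count;   /* high bits dropped */
    return (size_t)stored * sizeof(child_entry);
}

/* Hardened pattern: refuse any count that does not fit the narrow
 * field before it is ever converted. Bounding the count to 65535
 * also keeps the multiplication well inside size_t.
 * Returns 0 on success, -1 if the input must be rejected. */
static int alloc_size_checked(uint32_t child_count, size_t *out)
{
    if (child_count > UINT16_MAX)
        return -1;
    *out = (size_t)child_count * sizeof(child_entry);
    return 0;
}

int main(void)
{
    /* Constructed sample counts around the 16-bit boundary. */
    const uint32_t samples[] = { 10, 65535, 65536, 65546 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t needed = (size_t)samples[i] * sizeof(child_entry);
        size_t got = alloc_size_truncating(samples[i]);
        size_t safe = 0;
        int rc = alloc_size_checked(samples[i], &safe);

        printf("count=%u needed=%zu truncating=%zu checked=%s\n",
               (unsigned)samples[i], needed, got,
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

Auditing for this pattern means looking for narrowing conversions on attacker-influenced counts; compiler warnings such as `-Wconversion` flag implicit ones, while explicit casts like the one above need manual review.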
The security bug was first identified by security researcher Jordi Chancel, who used it to crash the browser. Security researchers at Vupen, who assessed the vulnerability further, developed an exploit to inject and execute malicious code. The Opera web browser is popular among mobile users and is also used as a desktop browser. Some gaming systems also use the Opera web browser. Lack of awareness of security fundamentals and threats in the computer and mobile environment makes users susceptible to such attacks.
The integer truncation error vulnerability affects Opera 11.00 and prior and Opera 10.63 and prior versions for Windows 7 and Windows XP Service Pack 3. The vendor has yet to issue a security patch for the product. Users must be wary of visiting suspicious web pages, downloading suspicious files and clicking on suspicious links. E-learning modules, online training videos and tutorials may be used to raise awareness among users of different forms of security threats.
The risk profile of the IT environment has risen considerably and has significant implications for businesses. Security awareness education may help employees handle devices, applications and computer systems more safely. Developers must conduct in-depth assessments of their products at regular intervals to identify and remediate vulnerabilities in a timely manner.