Security researchers warn of LinkedIn exploit

Security researchers discover critical vulnerabilities in LinkedIn IE toolbar, further raising concerns malicious attackers may use a published working exploit to take advantage of the flaws.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Sometimes, it pays not to be linked in. Ignorance is bliss.

Security researchers are reporting that a public exploit has been designed that could take advantage of critical security flaws in the LinkedIn Internet Explorer Toolbar.

The vulnerabilities do not apply to the Linkedin.com Web site, only the LinkedIn IE toolbar.

Users of the LinkedIn social-networking site who have the IE toolbar installed on their computers could be at risk of a remote attack, should they visit a malicious Web site, according to a posting by VDA Labs' Jared DeMott and Justin Seitz, who discovered the flaws.

The security flaws stem from an error within IEToolbar.IEContextMenu.1 when it handles the search method, noted security researcher Secunia, which listed the vulnerabilities as "extremely critical" in its advisory.

The security flaws are found in LinkedIn version 3.0.2.1098, but other versions may also be affected, Secunia warns.

Users can try setting the kill-bit for the affected ActiveX control as one means to solve the problem.
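As an added illustration (not part of the original article or of any LinkedIn or Secunia guidance), the PowerShell sketch below shows one way an administrator could set the kill bit. It assumes the control is registered under the ProgID named in the advisory; the article does not give the CLSID, so the script looks it up from the registry rather than hard-coding one, and the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: set the Internet Explorer kill bit for an ActiveX control.
$ProgId  = 'IEToolbar.IEContextMenu.1'   # ProgID as named in the article
$KillBit = 0x400                          # "Compatibility Flags" value that stops IE loading the control

function Get-ClsidFromProgId {
    param([string]$ProgId)
    # A registered ProgID stores its CLSID in the default value of HKCR\<ProgID>\CLSID.
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    (Get-ItemProperty -LiteralPath $key).'(default)'
}

function Set-KillBit {
    param([string]$Clsid)
    # Cover both the native and the 32-bit (WOW64) views of the registry.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # Preserve any flags already present and OR in the kill bit.
        $current = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$current) -bor $KillBit
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new -Type DWord
        Write-Output ("{0} -> Compatibility Flags = 0x{1:X}" -f $key, $new)
    }
}

$clsid = Get-ClsidFromProgId -ProgId $ProgId
if ($null -eq $clsid) {
    Write-Output "ProgID '$ProgId' is not registered on this machine; nothing to do."
} else {
    Set-KillBit -Clsid $clsid
}
```

The change takes effect for new Internet Explorer processes, so open browser windows should be restarted afterwards.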

A spokeswoman for LinkedIn says the social-networking site takes the public exploit seriously and the company is working on a solution. She notes there are currently no reports of malicious exploits.

UPDATED: Thursday, 2:18 p.m.

LinkedIn has issued a security patch for the LinkedIn Internet Explorer Toolbar. The patch was automatically pushed to users' systems.