IE 4 for Mac has crypto bug
The strong-encryption version of IE 4.0 for Mac has a glitch that doesn't allow surfers to access sites that use Secure Sockets Layer.
Released earlier this month at the Macworld conference, the strong-encryption version of IE 4 for Mac has a glitch that doesn't allow surfers to access sites that use Secure Sockets Layer (SSL), a type of encryption protocol common to transactions over the Web. Because the bug doesn't even allow a user to get to such a site, there is no danger of losing private information such as a credit card number, Microsoft representatives said.
"This is not a security hole, and there is no data compromised," said product manager Chris Carper.
The bug occurs only in the version of IE 4 for Mac that supports 128-bit encryption, a stronger level of encryption that American companies can't export without federal approval. Therefore, the bug should mostly affect U.S. users of the product, Carper said. He did not know how many people have downloaded the 128-bit version since the product's release.
When a user with the buggy browser visits a site with either SSL version 2 or 3, he or she will only see a blank screen, a result of being denied access by the server, Carper said. Access is denied because of a problem in Microsoft's implementation of triple DES, a particular type of 128-bit encryption.
A patch will be posted on the Microsoft Web site by Monday, Carper said.