December 6, 2005 4:56 PM PST
Google Desktop tweaked to block attackers
The IE bug was disclosed late last week by Matan Gillon, a security researcher in Israel. He found a way to steal information from unwitting Google Desktop users by exploiting the Web browser flaw.
"We did make an adjustment to the product to help protect users," Google representative Sonya Boralv said Tuesday. "We made the adjustment on our end. Users don't need to download a patch or take any action."
The bug in IE allows an attacker to retrieve private user data or execute operations on the user's behalf from remote domains, Gillon wrote in his description of the attack method. He crafted a Web page which, when viewed in IE on a computer with Google Desktop installed, used the search tool and returned results for the query "password."
A test of the proof-of-concept page created by Gillon confirmed on Tuesday that the attack no longer works.
Microsoft on Friday said it was investigating the IE bug. The company has said it might issue a security update or an advisory on the problem.