Four code-execution bugs found in Internet Explorer 11 for Windows Phone have been publicly disclosed by an HP-owned security division called TippingPoint. The division previously revealed the vulnerabilities privately to Microsoft, but so far it has not yet fixed the bugs.
Ars Technica reports that all four bugs could allow hackers to remotely access malicious code if an IE11 user on Windows Phone goes to a malware-infested website. The bugs were first disclosed to Microsoft four months ago, and now TippingPoint has publicly revealed the issues in accordance with their policies.
A Microsoft spokesperson is quoted as saying:
"We're aware of the reports regarding Internet Explorer for Windows Phone. A number of factors would need to come into play, and no attacks have been reported. We continue to monitor the situation and will take appropriate steps to protect our customers."
Thanks to WPit for the tip!