Microsoft is working to fix a security bug in Internet Explorer 5 for the Mac.
The bug can expose private files, and in some cases, grant unauthorized access to sites on a company's intranet. The bug is not new – it first appeared in 1997. Microsoft fixed the bug then, but it has reappeared in the latest version of IE, according to a CNET report
Microsoft has not specified when the fix would be ready. The security hole arises because of the way in which IE 5 interacts with Apple's runtime for Java. The hole allows a malicious Web site to gain access to content redirected through other Web sites.
To exploit the hole, an attacker would have to lure users to a "booby-trapped" Web site, and he or she would have to know the paths of the files, or exact addresses of intranet pages they wanted to access, and most firewalls would prevent unauthorized access.
However, bug hunter Ben Mesander, who originally posted a demonstration of the bug in 1997, and has updated his site for the latest incarnation, believes the bug is more dangerous than this. "The bug is dangerous precisely because it works through firewalls," he said. "There's actually a firewall between by home network and the Web server the security demonstration is on. The only way a firewall would prevent the bug is if it disallowed all Web traffic. Most firewalls these days allow Web traffic."