There is a big problem at eBay

This bug can install malware from item descriptions and eBay seems to think there is no problem.

Story originally from ArsTechnica¬†“Ebay has not plans to fix severe bug that allows malware distribution”

There is currently a bug in eBay that can allow the execution of Javascript, a powerful web scripting language found in most websites. This has been blocked from being used in the online store for security reasons but there is a flaw in the system designed to keep this powerful scripting language off the shopping giant.

The fault reported on the Checkpoint Security blog details how it is possible for an advertiser on eBay to include code in the description of the item for sale that will run various commands that could include the download of a malicious app.

The video below is a demonstration of the flaw in action.

An example of the malicious code in action.
An example of the malicious code in action.

Recommended action :
eBay users are advised to avoid clicking on additional dialogs offering discounts or asking to install an application.

To keep up to date with this an other security alerts and tech news, follow @benaylett on Twitter.