This bug can install malware from item descriptions and eBay seems to think there is no problem.
Story originally from ArsTechnica “Ebay has not plans to fix severe bug that allows malware distribution”
The fault reported on the Checkpoint Security blog details how it is possible for an advertiser on eBay to include code in the description of the item for sale that will run various commands that could include the download of a malicious app.
The video below is a demonstration of the flaw in action.
Recommended action :
eBay users are advised to avoid clicking on additional dialogs offering discounts or asking to install an application.
To keep up to date with this an other security alerts and tech news, follow @benaylett on Twitter.