A new security flaw has surfaced in a popular web application used by US military personnel and their families to keep tabs on their loved ones.
In this case, the flaw allows attackers to send fake emails to their spouses and children with the subject line “Your family.”
The issue was first reported by security researchers at antivirus firm AV-Test and was disclosed Monday.
The flaw appears to be limited to an outdated version of the popular web-based proxy service, and is only present when the application is opened in a new tab.
The attackers also appear to have used the flaw to send spam to their targets, AV-Tests said in a statement.
Affected versions of the web proxy service are available for Windows, Mac, and Linux.
The bug has been patched by Apple, but AV-test said it is still vulnerable to previous versions of Microsoft Internet Explorer, which are used in the latest version of Windows.
Microsoft’s fix will block the issue from being exploited by attackers and other users who are using a different version of Internet Explorer to access the proxy.
AV-tests said it will likely be in the next version of IE that is released, and a patch will also be available for Mac.
“In order to prevent this from happening again, you will need to upgrade your browser and reinstall the browser,” AV-tests said.
“If you use a different browser, you can use a tool such as the One Click Fixer to disable this vulnerability.”
The bug appears to only affect users of the Military Personnel Privacy & Security Service (MPRS), the main website for US government agencies.
It was not immediately clear how many people have been affected.
It is unclear if the flaw has been fixed for other applications that may be used by spouses and family members, or if it will be patched by the time the affected versions of those programs are released.