28 june 2024
Our eHealth team advised us yesterday of an international vulnerability relating to polyfill.io . This domain has become compromised and is spreading malware through a widespread supply chain attack, estimated to affect over 110,000 websites including major websites such as the BBC. The Polyfill site offered widely used bits of code for older browsers that allowed the use of modern Javascript features. Such code makes the work for web developers easier and allows compatibility with a broader range of browsers.
Websites that have used the Javascript code from Polyfill have been urged to remove such code immediately. The change occurred after a suspected Chinese firm purchased the domain in early 2024.
Tactuum have identified and are now testing a fix to remove all Polyfill code from the RDS site.. They will be deploying the fix on Monday 1 July along with other planned fixes and amendments. I will notify you of the timing of the deployment as soon as possible.
In the meantime, please ensure that you have up-to-date anti-virus software installed on your machines and personal devices.
