Slack patches Windows app bug that could've been used for spying

TwitterFacebook

A security researcher has uncovered a flaw in Slack that could've been exploited to steal files over the business messaging app and potentially spread malware.

The flaw involves Slack's Windows desktop app, and how it can automatically send downloaded files to a certain destination—whether it be on your PC or to an online storage server. You can set a download location in the app's preferences section. However, David Wells, a researcher at the security firm Tenable, noticed there's another way to configure the option: Via a special link.

"Crafting a link like 'slack://settings/?update={'PrefSSBFileDownloadPath':<pathHere>'}' would change the default download location if clicked," Wells wrote in a blog post on the vulnerability. Read more...

More about Slack, Spying, Tech, and Consumer Tech

COntributer : Mashable http://bit.ly/2Q9fkdi

Slack patches Windows app bug that could've been used for spying Slack patches Windows app bug that could've been used for spying Reviewed by mimisabreena on Sunday, May 19, 2019 Rating: 5

No comments:

Sponsor

Powered by Blogger.