Saturday, 29 August 2020

Slack fixes 'critical' vulnerability that left desktop app users open to attack

Slack fixes 'critical' vulnerability that left desktop app users open to attack

Slack and its scores of desktop app users just dodged a major bullet. 

The communications tool relied upon by journalists, tech workers, and D&D fans alike disclosed on Friday a "critical" vulnerability — now fixed — that would have let hackers run wild on users' computers. Slack's internal security team didn't even find the bug; rather, it was a third-party security researched who reported it, through the bug bounty platform HackerOne in January.

Notably, the exploit allowed for something known as "remote code execution," which is just as bad as it sounds. Before Slack fixed it, an attacker using the exploit could have done some pretty wild stuff, such as gaining "access to private files, private keys, passwords, secrets, internal network access etc.," and "access to private conversations, files etc. within Slack." Read more...

More about Cybersecurity, Slack, Tech, and Cybersecurity

https://ift.tt/31D9Aji from Tech https://ift.tt/2YMwIdl
via IFTTT

No comments:

Post a Comment