Slack patches vulnerability in Windows client that could be used to hijack files

Strangers in your Slack channel could have messed with Slack for Windows' download settings, redirecting files to a malicious shared folder. It's fixed now.

On May 17, researchers at Tenable revealed that they had discovered a vulnerability in the Windows version of the desktop application for Slack, the widely used collaboration service. The vulnerability, in Slack Desktop version 3.3.7 for Windows, could have been used to change the destination of a file download from a Slack conversation to a remote file share owned by an attacker. This would allow the attacker not only to steal the files downloaded by a targeted user but also to alter those files and add malware to them. When victims opened the files, they would get a potentially nasty surprise.

Tenable reported the vulnerability to Slack via HackerOne. Slack has issued an update to the Windows desktop client that closes the vulnerability.

The potential attack used a weakness in the way the “slack://” protocol handler was
