Imagine a hacker using the links to secretly reconfigure a Slack desktop app to send all downloaded files to an outside server. Wells realized the same function could be abused. "Crafting a link like 'slack://settings/?update=' would change the default download location if clicked," Wells wrote in a blog post (Opens in a new window) on the vulnerability. However, David Wells, a researcher at the security firm Tenable, noticed there's another way to configure the option: Via a special link. You can set a download location in the app's preferences section. The flaw involves Slack's Windows desktop app, and how it can automatically send downloaded files to a certain destination-whether it be on your PC or to an online storage server.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |