![]() This is why they allow an attacker to launch a specially designed link that points to a piece of attack code and results in remote code execution.Ībiding by the responsible disclosure rules, most of the affected applications have been patched to resolve the issue. According to researchers, many applications failed to validate the URLs. Therefore, what happens is that when the app is opened via the OS, it automatically executed a malicious file. ![]() SEE: Major vulnerability exposes 5G core network slicing to DoS attacks The vulnerability stems from an insufficient validation of URL input. The vulnerabilities affect many popular apps, including VLC, Telegram, LibreOffice, Nextcloud, Bitcoin/Dogecoin Wallets, OpenOffice, Mumble, and Wireshark. ![]() jar that is “hosted on an internet-accessible file share (NFS, WebDAV, SMB, …)” and is opened or another vulnerability in the opened app’s URL handler is exploited, explained researchers. The researchers noted in their research that desktop apps, particularly those that pass user-supplied URLs to be opened by the OS, are found to be vulnerable to code execution with user interaction.Ĭode execution is achieved either when the URL redirects to a malicious executable, such as. The IT security researchers at Positive Security Fabian Bräunlein and Lukas Euler have identified multiple one-click vulnerabilities across various popular software applications that can let an attacker execute arbitrary code on targeted devices.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |