Skype, Slack and Others at Risk From a Framework Security Flaw

A critical security flaw in a very popular framework is affecting many desktop apps, including the likes of Skype and Slack. The vulnerability affects desktop apps built with Electron, a framework made for the development of cross-platform desktop apps using basic web technologies like JavaScript, HTML, and CSS.

While Electron is compatible with Windows, Mac, and Linux, the flaw only seems to affect Windows. Since its creation in 2013 by the GitHub team, the framework has become seriously popular, enabling app developers to build cross-platform applications. The list of apps using Electron includes the following (this doesn't mean they are vulnerable):

  • Skype (new version carries the security fix)
  • Visual Studio Code
  • Basecamp
  • GitHub (Atom Editor)
  • Ghost
  • Signal
  • Slack
  • Twitch
  • WordPress.com and others

However, whether an app is vulnerable depends on how its developer has used Electron's protocol handling. Tracked as CVE-2018-1000006, the flaw is a remote code execution vulnerability that affects many of the Electron apps using custom protocol handlers. Apps designed to run on Windows that register themselves as the default handler for a protocol, for instance myapp://, are vulnerable. By exploiting the vulnerability, attackers can remotely execute code, leading to app hijacking and potential loss of data.

Affected Platforms

Electron apps designed to run on Windows that register themselves as the default handler for a protocol, like myapp://, are vulnerable.

Such apps can be affected regardless of how the protocol is registered, e.g. using native code, the Windows registry, or Electron’s app.setAsDefaultProtocolClient API.

macOS and Linux are not vulnerable to this particular issue.

This protocol handler vulnerability has been fixed in the new versions of Electron: 1.8.2-beta.4, 1.7.11, and 1.6.16. Developers said that app developers who cannot update their apps immediately can use this workaround as a temporary fix. Several developers have already included this fix, so it is very important for users to update their apps as soon as possible. Since the flaw only affects Windows, Microsoft additionally updated Windows Defender to protect against this vulnerability.
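As an added example (not code from the Electron project or from the original article), the following Node.js code triages an app inventory against the three fixed versions listed above and the Windows protocol-handler condition. The inventory field names, the sample apps, and the treatment of release lines other than 1.6, 1.7 and 1.8 are assumptions.

```javascript
// Fixed releases listed in the article, keyed by release line.
const FIXED = { '1.6': '1.6.16', '1.7': '1.7.11', '1.8': '1.8.2-beta.4' };

// Parse "1.8.2-beta.4" into { nums: [1, 8, 2], pre: ['beta', 4] }.
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(version.trim());
  if (!m) throw new Error(`unrecognised version: ${version}`);
  const pre = m[4] ? m[4].split('.').map(p => (/^\d+$/.test(p) ? Number(p) : p)) : [];
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre };
}

// Semver ordering: a prerelease (1.8.2-beta.4) sorts before its final release (1.8.2).
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i] ? -1 : 1;
  }
  if (!a.pre.length || !b.pre.length) return Math.sign(b.pre.length - a.pre.length);
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    const x = a.pre[i], y = b.pre[i];
    if (x === undefined) return -1;
    if (y === undefined) return 1;
    if (x === y) continue;
    if (typeof x !== typeof y) return typeof x === 'number' ? -1 : 1;
    return x < y ? -1 : 1;
  }
  return 0;
}

// Returns 'not-affected', 'patched', 'vulnerable' or 'unknown' for one inventory entry.
function assess(app) {
  // Per the article, only Windows apps registered as a protocol handler are exposed.
  if (app.platform !== 'win32' || !app.registersProtocol) return 'not-affected';
  const v = parse(app.electronVersion);
  const line = `${v.nums[0]}.${v.nums[1]}`;
  if (FIXED[line]) return compare(v, parse(FIXED[line])) >= 0 ? 'patched' : 'vulnerable';
  // Assumption: release lines newer than 1.8 carry the fix forward.
  if (v.nums[0] > 1 || (v.nums[0] === 1 && v.nums[1] > 8)) return 'patched';
  return 'unknown'; // older line: the article lists no fixed release for it
}

// Constructed sample inventory (app names and versions are made up).
const inventory = [
  { name: 'chat-app', platform: 'win32', registersProtocol: true, electronVersion: '1.7.10' },
  { name: 'editor', platform: 'win32', registersProtocol: true, electronVersion: '1.8.2-beta.4' },
  { name: 'notes', platform: 'darwin', registersProtocol: true, electronVersion: '1.6.2' },
];
function triage(apps) { return apps.map(a => `${a.name}: ${assess(a)}`); }
console.log(triage(inventory).join('\n'));
```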

Correction: an earlier version of this piece incorrectly mentioned Brave in the list of affected apps.
