
Slack Kills Scary Bug


Photo: Mark Lennihan / AP

A bug discovered in Slack, the workplace messaging app, may have allowed an attacker to intercept files downloaded from inside Slack’s Windows desktop client, according to security researchers.

An attacker would introduce a malicious link into a Slack channel that, if clicked, would silently alter the download-location setting of the victim’s client to a file server owned by the attacker. As always, users are encouraged to [update] their apps and clients to the last available version.”

Tenable researcher David Wells said the bug “would allow all future downloaded documents by the victim to end up being uploaded to an attacker owned file server until the setting is manually changed back by the victim.” The attacker could not only steal any downloaded files with this method but could then modify them as well to include a malicious package. A “slack://” link may include, for instance, “PrefSSBFileDownloadPath,” which allows for the download destination to be altered automatically if any user clicks the link.
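A defender-side check for the link described above, as an added example that is not from the article, Slack or Tenable: it scans message text for `slack://` links that name `PrefSSBFileDownloadPath`, including percent-encoded forms. The sample messages and the link layout inside them are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Setting name quoted in the article; matched case-insensitively.
SETTING = "PrefSSBFileDownloadPath"
# Any slack:// link, up to whitespace or the angle brackets that wrap links.
LINK_RE = re.compile(r"slack://[^\s<>]+", re.IGNORECASE)


def fully_decode(text, max_rounds=5):
    """Percent-decode repeatedly so double-encoded links are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_download_path_links(messages):
    """Return (message_index, raw_link) for slack:// links naming the setting."""
    hits = []
    for index, message in enumerate(messages):
        for link in LINK_RE.findall(message):
            if SETTING.lower() in fully_decode(link).lower():
                hits.append((index, link))
    return hits


# Constructed sample messages. The flagged links use a placeholder layout,
# not the real link format, which the article does not give.
SAMPLE_MESSAGES = [
    "Standup notes are in <slack://channel?team=T000&id=C000>",
    "Quarterly report <slack://placeholder?PrefSSBFileDownloadPath=PLACEHOLDER>",
    "see <slack://placeholder?Pref%53SBFileDownloadPath=PLACEHOLDER>",
    "see <slack://placeholder?Pref%2553SBFileDownloadPath=PLACEHOLDER>",
    "PrefSSBFileDownloadPath is the setting the article mentions",
]

if __name__ == "__main__":
    for index, link in find_download_path_links(SAMPLE_MESSAGES):
        print(f"message {index}: {link}")
```

The last sample message is not flagged because it mentions the setting name without a `slack://` link.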
