Critical vulnerabilities discovered in Framework Electron, Skype, Slack, Twitch and a series of affected apps
The framework of a variety of popular desktop applications such as Skype, Slack, Signal, Twitch . appears a serious security hole. It is important that this vulnerability only affects Windows.
While waiting for the developers of affected applications to update the new version to patch, Microsoft has updated Windows Defender to protect users from the threat of attack through this vulnerability.
This is a vulnerability of Electron - framework released in 2013. Based on web technologies like JavaScript, HTML and CSS, developers use it to create popular cross-platform applications like Skype, Visual Studio Code, Brave, Basecamp, GitHub, Ghost, Signal, Slack, Twitch, WordPress .
Whether this vulnerability is dangerous depends on how the developer uses the Electron protocol. Hackers can take advantage of this vulnerability to remotely execute malicious code to steal user data, and it impacts all applications using the Electron framework with a custom protocol processor.
The protocol processing vulnerability was patched by Electron development team on Electron 1.8.2-beta.4, 1.7.11 and 1.6.16. While waiting for developers to update the application, users can temporarily handle the instructions here. Skype has patched this vulnerability in the latest version, users can update.
See more:
- The new vulnerability on Intel allows hackers to take control of your computer within 30 seconds
- Overview of vulnerabilities on Intel, AMD, ARM chips: Meltdown and Specter
- Firefox Quantum 58 has an official version for Windows, enhanced security and has many new features
You should read it
- Patches of dangerous vulnerabilities being exploited by hackers contain dangerous holes and then continue to be exploited by hackers
- Download an emergency Windows patch right away, fix two critical vulnerabilities, affecting every Windows version
- Warning of dangerous vulnerabilities on WinRAR, users should uninstall or upgrade to a new version
- Apple Patches Zero-Day Vulnerability That Could Let iPhones, iPads, and MacBooks Get Hacked
- How to fix BlueKeep security error for Windows 2003, Windows XP, Windows 7, Windows Server 2008
- Serious security vulnerability on Intel chips
- Apple patched many zero-day bugs in iOS 15.4.1 and macOS 12.3.1 updates
- Hacker revealed the second Zero-Day, broke Windows' EoP vulnerability patch
- Microsoft has released a critical update for Windows 10, users need to update now
- Lenovo updates BIOS to patch security holes for hundreds of device models
- Apple released a patch to fix security holes on Mac OS X
- IBM developed a new technology to patch security holes
Maybe you are interested
There is a serious security vulnerability that has existed for 18 years in AMD processors, but it is not too worrying
A dangerous vulnerability that has existed for 18 years threatens millions of AMD Ryzen and EPYC CPUs
Google Workspace security vulnerability caused thousands of user accounts to be attacked
Thousands of iOS apps could be at risk because of an open source vulnerability
Serious vulnerability in OpenSSH threatens millions of servers
Google releases emergency update to patch Chrome vulnerability