A computer can be hacked with just one click if these popular applications are installed
Security experts Fabian Braunlein and Lukas Euler of Positive Security discovered these problems on apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin / Dogecoin Wallets, Wireshark and Mumble.
'Desktop applications that pass a user-supplied URL to be opened by the operating system are more likely to present a code execution vulnerability under user interaction. Code execution is achievable when a URL pointing to a malicious executable (.desktop, .jar, .exe, ...) hosted on an internet accessible file (nfs, webdav, smb, ...) is opened or an additional vulnerability in the opened application's URI handler is exploited,' the experts said.
That is, the vulnerabilities stem from insufficient validation of input URLs. When such URLs are handed to the operating system without proper validation, malicious files can be executed inadvertently.
Positive Security's analysis shows that many applications fail to validate the URL, so an attacker can craft a link that points to attack code, leading to remote code execution.
Since the issues were reported, most of the apps have rolled out patched updates:
- Nextcloud - Fixed in version 3.1.3 for Desktop Client, released February 24 (CVE-2021-22879)
- Telegram - Issue reported Jan. 11 and then fixed on the server side by February 10.
- VLC Player - Issue reported on January 18, bug fix version 3.0.13 released a week later.
- OpenOffice - To be fixed in the next patch (CVE-2021-30245)
- LibreOffice - Fixed in Windows, but the vulnerability still exists in Xubuntu (CVE-2021-25631)
- Mumble - Fixed in version 1.3.4 released February 10 (CVE-2021-27229)
- Dogecoin - Fixed in version 1.14.3 released February 28
- Bitcoin ABC - Fixed in version 0.22.15 released March 9
- Bitcoin Cash - Fixed in version 23.0.0 (preparing to release)
- Wireshark - Fixed in version 3.4.4 released March 10 (CVE-2021-22191)
- WinSCP - Fixed in version 5.17.10 released February 26 (CVE-2021-3331)
'This issue spans multiple layers of the application stack on the targeted system, so any layer's maintainers can easily push the real burden of mitigation measures onto the remaining layers,' the researchers said.
As such, it is important that all stakeholders assume some responsibility and put risk mitigation measures in place, such as URL validation and preventing remote shares from being mounted automatically.
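The URL validation mitigation, sketched as an added example (not code from Positive Security or any of the affected projects): an allowlist check that runs before a user-supplied URL reaches the operating system's opener. The function names, the http/https-only policy and the sample URLs are assumptions made for illustration.

```python
import webbrowser
from urllib.parse import urlsplit

# Assumption: this application only ever needs to hand web links to the OS.
ALLOWED_SCHEMES = {"http", "https"}

def rejection_reason(url):
    """Return None if the URL may go to the OS opener, else the reason it may not."""
    if not isinstance(url, str) or not url:
        return "empty or non-string input"
    # Control characters, spaces and backslashes do not belong in a web link;
    # backslashes are also how UNC paths (\\host\share\file) arrive.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in url):
        return "control character, space or backslash"
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return "unparseable URL"
    # Allowlist, not blocklist: file, smb, nfs, dav and any scheme registered
    # by another application are all refused without being enumerated.
    if parts.scheme not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme or '(none)'!r} not allowed"
    if not host:
        return "no host"
    if parts.username is not None or parts.password is not None:
        return "embedded credentials"
    return None

def open_external(url, opener=webbrowser.open):
    """Pass the URL to the OS only after validation; report whether it was opened."""
    if rejection_reason(url) is not None:
        return False
    opener(url)
    return True

# Constructed sample links of the kinds the researchers describe.
SAMPLES = [
    "https://example.com/docs?page=2",
    "smb://files.example/share/tool.jar",
    "nfs://files.example/export/launcher.desktop",
    "file:///tmp/launcher.desktop",
    "\\\\files.example\\share\\setup.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {rejection_reason(sample) or 'ok to open'}")
```

The check belongs at the single point where the application calls the OS opener, so that every link source (chat messages, document hyperlinks, server-supplied fields) goes through it.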