

That path could be directed to a Server Message Block (SMB) file-sharing location controlled by the attacker. By creating a crafted link posted in a Slack channel, the attacker could alter the default settings of the client (changing the download directory, for example, to a new location) with a URL such as “slack://settings/?update=”. The potential attack used a weakness in the way the "slack://" protocol handler was implemented in the Windows application. Slack has issued an update to the Windows desktop client that closes the vulnerability. Tenable reported the vulnerability to Slack via HackerOne.

When victims opened the files, they would get a potentially nasty surprise. This would allow the attacker to not only steal the files that were downloaded by a targeted user, but also allow the attacker to alter the files and add malware to them. The vulnerability, in Slack Desktop version 3.3.7 for Windows, could have been used to change the destination of a file download from a Slack conversation to a remote file share owned by an attacker.

It’s also worth noting that Slack introduced Skype integration, and last week also started to roll out a new voice calling feature (currently for desktop only).

Also, to make sure your team’s data and conversations stay secure, check out our article on how to add Two-Factor Authentication to your Slack account.

On May 17, researchers at Tenable revealed that they had discovered a vulnerability in the Windows version of the desktop application for Slack, the widely used collaboration service.

Those oddities have been quashed.

As always, you can grab this update by launching the Slack desktop app, heading to Help > Check for Updates, and downloading the latest version.

On Linux, the team sidebar would exhibit odd behavior for some graphics cards.

This time we’ll sleuth around for the real path, and get you to the right place (Slack).

Slack would not load (and instead show a cryptic message) for those who had soft linked their AppData folder.

If your administrator had set up a session timeout, when it expired you’d be placed on a blank white screen rather than the sign-in page.

Many folks using a Windows Basic theme found their Alt-Tab menu overrun by notification windows, which have since been dispatched.

According to the Slack release notes, this update brings your version up to 2.0.1 and addresses the following:
