Hundreds of software applications built using the developer framework called Electron may be vulnerable to a remote code execution flaw, according to developers of the framework. ![]() These instructions work for Windows, Mac, and Linux. Impacted are dozens of popular Windows applications such as Microsoft’s Skype for Windows and Slack.Įarlier this week, GitHub’s Electron team released two patched versions of the Electron framework (1.8.2-beta.4, 1.7.11, and 1.6.16) and also announced a workaround fix for the vulnerability ( CVE-2018-1000006). Apps installed from the Microsoft Store are kept up to date automatically and can be uninstalled at any time with a single right click, leaving no cruft behind in the Windows registry or file system that might eventually slow down your computer. Heres how to use Slack dark mode with the Slack desktop app so you can avoid straining your eyes. Meanwhile, publishers of affected applications, such as Skype for Windows and Slack, say they have also released updates to address the vulnerability.Įlectron is a node.js, V8, and Chromium open-source framework popular with developers interested in using web technologies such as JavaScript, HTML and CSS to build desktop apps. Slack para Windows Con la app de Slack, tu equipo estará más cerca que nunca. The framework, formerly known as Atom Shell, is currently being developed by GitHub.Įlectron said that “apps designed to run on Windows that that register themselves as the default handler for a protocol, like myapp://, are vulnerable,” according to a statement posted to GitHub’s Electron website. I like this app and was first introduced to it when I joined a technical support team. using native code, the Windows registry, or Electron’s app.setAsDefaultProtocolClient API.” “Such apps can be affected regardless of how the protocol is registered, e.g. Kaspr has 28 reviews and a rating of 5 / 5 stars vs Slack which has 22868 reviews and a rating of 4.66 / 5 stars. ![]() The Electron website lists over 400 applications built using the framework. ![]() However, it’s unclear how many of those use the default Electron protocol handler which defines whether apps are vulnerable to the flaw. Open Whisper Systems, which also uses the Electron framework, confirmed to Threatpost its Signal secure messaging client is not impacted.
0 Comments
Leave a Reply. |