Friday, 23 February 2007
Google Desktop Flaw Disclosed, Fixed |
| |
|
| |
Watchfire has revealed a flaw in Google Desktop that will let fraudsters confiscate confidential information and take control of a system. Google has come out with an update that patches the flaw. This patch is based on cross-site scripting techniques.
The fraudster can exploit the vulnerability through a crafted web link containing JavaScript code. When the link is clicked, the code is executed by the Google Desktop application, which then allows the attacker to perform searches on the infected computer.
The flaw could lead to confidential information like passwords and the like to be exposed.
Security experts believe that although the flaw has been fixed, the tight integration between Google Desktop and Google.com continues to pose a security problem.
|
| |
|
|
| |
|
|
| |
|
|
| |
|
