Computing News | Google patches Serious Desktop Flaw

Latest News | News Archive |

Posted by: Tweaker
Date added: 22:26 Wednesday, 21st February 2007 GMT
Source: InfoWorld

Security researchers at Watchfire discovered a serious flaw in Google's desktop software over a month ago, but it has only been made public today. Google was first notified of the problem way back on January 4 and produced its fix on February 1. While Google is automatically delivering a patch, Google Desktop users may want to make sure they are running version 5.0.701.30540 or later. In addition to its bug fix, Google has added, "another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future. We have received no reports that this vulnerability was exploited," said Google Spokesman Barry Schnitt.

According to Watchfire, the flaw lies in a search parameter used by Google Desktop's Advanced Search feature, which could be used to execute malicious JavaScript code. For this attack to work, the criminal would have to first go through a number of steps, including hacking Google.com to find a cross site scripting vulnerability on the Web site (something that has been done several times in the past year). If successful, a criminal could search for anything on the computer or even take it over by tricking Google desktop into running malicious software stored on another computer, Watchfire claims.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]