Electron patches patch after security researcher bypassed said patch

  • 25 May 2018
  • 0 replies
  • 159 views

Userlevel 7
Badge +54

January's fix for software toolkit had blacklist flaw, now fixed

 By Richard Chirgwin 25 May 2018 In an update last week, the developers of Electron – the toolkit used to craft widely used apps from Skype and Slack to Atom – shipped a patch to their January patch, and now, an infosec researcher has explained why.
 
A remote-code execution vulnerability, CVE-2018-1000006, was found in Windows applications developed using Electron that registered custom protocol handlers.
 
Full Article.

0 replies

Be the first to reply!

Reply