January's fix for software toolkit had blacklist flaw, now fixed
By Richard Chirgwin 25 May 2018 In an update last week, the developers of Electron – the toolkit used to craft widely used apps from Skype and Slack to Atom – shipped a patch to their January patch, and now, an infosec researcher has explained why.A remote-code execution vulnerability, CVE-2018-1000006, was found in Windows applications developed using Electron that registered custom protocol handlers.
Full Article.