Numerous Desktop Apps Found Vulnerable To 1-Click Hacking Flaws – Patches Rolled Out

Researchers have found multiple desktop apps vulnerable to 1-click flaws. These include different popular apps such as LibreOffice and Telegram as well. Exploiting the flaws could allow remote code execution to an adversary.

1-Click Hacking Flaws In Desktop Apps

Researchers from Positive Security have discovered numerous code execution vulnerabilities in different desktop apps.

As explained in their post, the flaws allowed 1-click hacking attacks via multiple apps due to the same reason – insufficient user input validation treating it as a URL to open via the operating system.

Describing this problem, the post reads,

A common way to open files and links from a native desktop application is by passing a URI to the operating system to handle… When a user-supplied URL is opened in this way without additional checks, this can lead to code execution.

For this, an adversary can exploit how a target operating system behaves for certain URI schemes and file extensions. Or, the attacker may exploit flaws in third-party app URI handlers.

While browsers frequently deal with such links cautiously, apps often lack these checks.

Thus, it becomes possible for an adversary to exploit the flaws in various apps to achieve code execution. In their study, the researchers found the following apps as vulnerable;

  • Nextcloud
  • Telegram (desktop application)
  • OpenOffice
  • LibreOffice
  • Mumble
  • VLC
  • Wireshark
  • Bitcoin and dogecoin wallets
  • WinSCP

Detailed PoC exploits for all these apps are available in the researchers’ post.

Patches Released

Upon discovering the vulnerabilities, the researchers informed the relevant developers about the bugs.

Consequently, most of these apps have addressed the flaws (including the crypto wallets).

However, LibreOffice for Xubuntu remains vulnerable.

Besides, OpenOffice and VLC will be releasing the fixes shortly.

Nonetheless, due to the widespread nature of these flaws, the researchers still advise everyone involved to address the matter.

“This issue spans multiple layers in the targeted system’s application stack, therefore making it easy for the maintainers of any one to shift the blame and avoid taking on the burden of implementing mitigation measures on their end. However, due to the diversity of client systems and their configuration states, it is crucial that every party involved takes on some amount of responsibility and adds their contribution in the form of mitigation measures.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients