{"id":121590,"date":"2021-04-15T17:23:20","date_gmt":"2021-04-16T00:23:20","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2021\/04\/1-click-hack-found-in-popular-desktop-apps-check-if-youre-using-them"},"modified":"2021-04-15T17:23:20","modified_gmt":"2021-04-16T00:23:20","slug":"1-click-hack-found-in-popular-desktop-apps-check-if-youre-using-them","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2021\/04\/1-click-hack-found-in-popular-desktop-apps-check-if-youre-using-them","title":{"rendered":"1-Click Hack Found in Popular Desktop Apps \u2014 Check If You\u2019re Using Them"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/1-click-hack-found-in-popular-desktop-apps-check-if-youre-using-them2.jpg\"><\/a><\/p>\n<p>Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems.<\/p>\n<p>The issues were discovered by Positive Security researchers Fabian Br\u00e4unlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin\/Dogecoin Wallets, Wireshark, and Mumble.<\/p>\n<p>\u201cDesktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction,\u201d the researchers <a href=\"https:\/\/positive.security\/blog\/url-open-rce\" rel=\"noopener\" target=\"_blank\">said<\/a>. \u201cCode execution can be achieved either when a URL pointing to a malicious executable (.desktop,.jar,.exe, \u2026) hosted on an internet accessible file share (nfs, webdav, smb, \u2026) is opened, or an additional vulnerability in the opened application\u2019s URI handler is exploited.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Br\u00e4unlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin\/Dogecoin Wallets, Wireshark, and Mumble. \u201cDesktop applications which pass [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1318,34,418],"tags":[],"class_list":["post-121590","post","type-post","status-publish","format-standard","hentry","category-bitcoin","category-cybercrime-malcode","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/121590","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=121590"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/121590\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=121590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=121590"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=121590"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}