An unpatched security weakness has been discovered in Google Drive, which could be exploited by malware attackers for distributing malicious files disguised as legitimate images or documents. This could allow bad actors to perform spear-phishing attacks relatively with a high success rate.
The latest security issue was left unpatched as Google remained unaware of the same. This vulnerability resides in the “managed versions” functionality offered by Google Drive to allow users to seamlessly upload and manage different versions of the file. This also allows its interface to provide the latest version of the files to the users.
Logically, the manage versions functionally allow Google Drive users to update the older versions of a file with a new version having a similar file extension, but it turns out that it’s not the case.