Discord announced it has patched a severe issue in the messaging app’s desktop version, which exposed clients to potential remote code execution (RCE) attacks. Masato Kinugawa, a bug bounty hunter, created an exploit chain leading to the RCE a few months before. He later published a blog post that described the method’s technical details, which blends multiple bugs.
Read More: Self-Doubt and Introspection is Crucial to Keep the Security Teams Sharp
The security vulnerability was detected in Electron, a software framework deployed in the Discord desktop app. The app is not open-source, but Electron utilizes a JavaScript code (open source project) that was saved locally and examined after extraction. He was awarded for the detection, and the vulnerability has since been resolved.
Source: https://www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
