New critical security vulnerability detected in Discord desktop app


Discord announced that it has patched a severe issue in the desktop version of its messaging app that exposed users to potential remote code execution (RCE) attacks. Masato Kinugawa, a bug bounty hunter, had created an exploit chain leading to RCE a few months earlier. He later published a blog post describing the technical details of the method, which combines multiple bugs.


The security vulnerability was detected in Electron, the software framework used by the Discord desktop app. The app is not open source, but the JavaScript code that Electron uses (Electron is an open-source project) is saved locally, so it could be extracted and examined. Kinugawa was rewarded for the discovery, and the vulnerability has since been resolved.

Source: https://www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/