Researchers of Undergo Security found that using this bag intruders could make links “origin://../malware”, that would enable attackers to use any application with the rights of current user.
“An attacker could’ve ran anything they wanted,” – argue Underdog Security experts.
Specialists explain that potential cybercriminals could also transit PowerShell commands to vulnerable PC, in this way loading in system additional malware and installing it.
Malware origin:// link could be sent user in a letter or published on intruders’ web-page. In combination with XSS-vulnerability exploit could also work independently, without victim’s participation.
Moreover, bug allowed abduction of tokens from users’ accounts with the use of simple one-line code. As a result, criminals got access to user’s account without a password.
‘Popping calc’ to demonstrate a remote code execution bug in Origin
EA developers already eliminated this problem; update for vulnerability issued on Monday, April 15, 2019.
Source: https://techcrunch.com
About Oxylersess.co.in Oxylersess.co.in pop-ups can not launch out of the blue. If you have clicked…
About Rewardznga.com Rewardznga.com pop-ups can not expose out of nowhere. If you have clicked on…
About News-xvagoda.cc News-xvagoda.cc pop-ups can not introduce out of nowhere. If you have actually clicked…
About Wadverants.co.in Wadverants.co.in pop-ups can not introduce out of nowhere. If you have clicked some…
About Unbosperismoles.co.in Unbosperismoles.co.in pop-ups can not introduce out of nowhere. If you have actually clicked…
About Ranshoof.com Ranshoof.com pop-ups can not launch out of nowhere. If you have clicked some…