Slack has fixed a major vulnerability in its desktop app
The now-fixed bug in Slack’s desktop app could have caused big issues for users worldwide
Slack has fixed a “critical” vulnerability in its desktop app that would have posed a huge risk to users of the messaging service. A security researcher identified the bug, reported it through a bug bounty platform, and was compensated for his efforts. But members of the security community are arguing that the payment made by Slack wasn’t nearly enough.
In the current age of remote working, more people are relying on group collaboration tools, and Slack is one of the top services in the category. A security vulnerability in the service’s desktop app, which is now fixed, could have caused significant issues. In the wrong hands, the exploit might have allowed remote code execution, making it possible for a hacker to gain access to passwords, the internal network, and files.
What’s more, it was possible to make the attack “wormable,” allowing it to be passed on from one account to an entire group of users, thereby compromising a whole Slack team. It’s clear that a large amount of sensitive data might have been maliciously captured using the security exploit.
The vulnerability wasn’t identified by Slack’s security team, however. An independent security researcher notified Slack through bug bounty platform HackerOne earlier this year. For his efforts, the researcher was awarded a payment of $1,750. However, as Mashable explains, many members of the security community feel that this wasn’t enough.
A spokesperson for Slack replied to those comments, explaining: “We deeply value the contributions of the security and developer communities, and we will continue to review our payout scale to make certain that we’re recognizing their work and creating value for our customers.” The spokesperson added that an initial fix for this exploit was implemented in February.
Slack now does seem to be offering higher payouts for significant exploits such as this, an important move, as a less noble researcher could have sold this “critical” vulnerability to a malicious buyer. Thankfully, that wasn’t the case this time.