Trend Micro patched several critical flaws in Password Manager that were discovered by a Google Project Zero researcher. The vulnerabilities allowed hackers to execute malicious code, view the contents of the password manager built into the malware protection program, and steal passwords.
“It took about 30 seconds to spot one that permits arbitrary command execution,” researcher Tavis Ormandy wrote in a bug report. “This means any website can launch arbitrary commands.”
He discovered that the password tool, which was written in JavaScript and Node.js, opened multiple HTTP ports but did not create a whitelist to handle API commands.
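The missing control described above, as an added example (not code from the article or from Trend Micro): a request handler for a local HTTP API that dispatches only allowlisted commands and rejects callers that do not present the product's own origin. The command names, the port and the Origin check are assumptions made for illustration.

```javascript
// Added example: hypothetical local API handler, not the product's code.
// Allowlist of API commands; anything not named here is never dispatched.
const HANDLERS = Object.freeze({
  getStatus: () => ({ status: 'ok' }),   // hypothetical command
  lockVault: () => ({ locked: true }),   // hypothetical command
});

// Assumption: only the product's own local UI may call the API (constructed value).
const UI_ORIGIN = 'http://localhost:49155';
const ALLOWED_ORIGINS = new Set([UI_ORIGIN]);

// Takes an object shaped like Node's http.IncomingMessage ({ url, headers })
// and returns { code, body }, so it can be called from http.createServer().
function handleRequest(req) {
  // Requests without an allowed Origin header are rejected, which covers
  // pages on arbitrary websites scripting requests to the local port.
  if (!ALLOWED_ORIGINS.has(req.headers.origin)) {
    return { code: 403, body: { error: 'origin not allowed' } };
  }
  const command = new URL(req.url, UI_ORIGIN).pathname.replace(/^\/api\//, '');
  // Own-property lookup: "constructor" or "__proto__" must not resolve to a handler.
  if (!Object.prototype.hasOwnProperty.call(HANDLERS, command)) {
    return { code: 404, body: { error: 'unknown command' } };
  }
  return { code: 200, body: HANDLERS[command]() };
}

// Constructed sample requests: one legitimate call and three that must be refused.
const SAMPLES = [
  { url: '/api/getStatus', headers: { origin: UI_ORIGIN } },
  { url: '/api/getStatus', headers: { origin: 'http://attacker.example' } },
  { url: '/api/runCommand?cmd=calc', headers: { origin: UI_ORIGIN } },
  { url: '/api/constructor', headers: { origin: UI_ORIGIN } },
];

for (const req of SAMPLES) {
  const res = handleRequest(req);
  console.log(req.url, req.headers.origin, '->', res.code, JSON.stringify(res.body));
}
```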