Slack Desktop Application RCE Vulnerability

By Fortra's Digital Defense

Slack Desktop Application Remote Code Execution (RCE) Vulnerability

An RCE flaw was disclosed on August 31st, 2020, which affects users of the Windows, Mac OS, and Linux desktop application versions of Slack. Users who click on an HTML-injected image will be redirected to an attacker's server, where a malicious JavaScript payload will be executed within the Slack application on their local machine; this could give an attacker access to any sensitive data held within the Slack application. This vulnerability was patched in February by Slack, but was not disclosed until recently. It is recommended that all users of the Slack desktop application are running version 4.4 or greater.

Frontline.Cloud will release a high severity rated authenticated check for this vulnerability with the release of scanner version 3.0.61.0.
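The advisory's only actionable control is the version floor: Slack desktop 4.4 or greater. The following is an added example of the kind of authenticated version check a defender would script for an endpoint inventory; it is not Fortra's Frontline.Cloud check and not code from the advisory. It assumes that the installed Slack desktop version string has already been collected per host (for instance from the package manager or the application's About dialog); the hostnames and version strings in the sample inventory are constructed. The 4.4 threshold is the one stated above. It also shows why the comparison must be numeric: as a plain string, "4.10.0" sorts below "4.4" and would be misreported as vulnerable.

```python
"""Version-based exposure check for the Slack desktop RCE described above.

Added example (not Fortra's Frontline.Cloud check). Assumes the installed
Slack desktop version string is already known per host; the 4.4 fixed
version comes from the advisory text.
"""
from __future__ import annotations

import re
from typing import NamedTuple

# Advisory: 4.4 or greater is patched. Compared as (major, minor) integers.
FIXED_VERSION = (4, 4)

# Accepts "4.4", "4.4.0", "v4.3.2" and ignores any trailing build suffix.
_VERSION_RE = re.compile(r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?")


class Finding(NamedTuple):
    host: str
    version: str
    vulnerable: bool | None  # None = could not determine, review manually
    note: str


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor[.patch]' into a tuple of ints so it compares numerically."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """True when the installed version is below the fixed version (4.4)."""
    return parse_version(version)[:2] < FIXED_VERSION


def assess(inventory: dict[str, str]) -> list[Finding]:
    """Evaluate a host -> version mapping; unparseable versions are flagged, not ignored."""
    findings: list[Finding] = []
    for host, version in sorted(inventory.items()):
        try:
            vuln = is_vulnerable(version)
        except ValueError:
            findings.append(Finding(host, version, None,
                                    "version could not be parsed; verify installed build manually"))
            continue
        note = ("below 4.4: update the Slack desktop application"
                if vuln else "4.4 or later: not affected by this issue")
        findings.append(Finding(host, version, vuln, note))
    return findings


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = {
    "ws-01": "4.3.2",     # vulnerable
    "ws-02": "4.4.0",     # fixed
    "ws-03": "4.10.0",    # fixed, but a string compare would call it vulnerable
    "ws-04": "3.4.2",     # vulnerable
    "ws-05": "unknown",   # agent could not read the version
}


if __name__ == "__main__":
    for f in assess(SAMPLE_INVENTORY):
        state = {True: "VULNERABLE", False: "ok", None: "UNKNOWN"}[f.vulnerable]
        print(f"{f.host:<8} {f.version:<10} {state:<11} {f.note}")
```

The check deliberately reports unparseable versions as a separate state rather than silently treating them as patched, so a collection failure on one host shows up in the results instead of hiding a vulnerable install.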
