"Slack Patches Critical Desktop Vulnerability"

A security engineer at Evolution Gaming discovered a critical remote-code execution (RCE) vulnerability in the popular Slack collaboration app, which has now been patched. The vulnerability could have allowed attackers to gain full remote control over the collaboration software's desktop version. Attackers could gain access to private keys, conversations, passwords, files, and other functions with a successful exploit. They could delve deeper into an internal network and explore the environment, depending on how Slack is configured on a targeted device. The RCE bug in the Slack desktop app could also be made wormable so that it reposts to all user workspaces. According to the researcher, an exploit was successfully tested on the latest versions of Slack for desktop on Mac, Windows, and Linux. This article continues to discuss the critical RCE vulnerability found in the Slack desktop app regarding where it stems from, what its exploitation could have allowed attackers to do, and Slack's response to this discovery. 

Dark Reading reports "Slack Patches Critical Desktop Vulnerability"