A research paper released today by Watchfire talks about a possible vulnerability in Google Desktop [pdf]. They were able to exploit flaws in the application and its integration with the web to obtain “remote and persistent access” to data on the target system. This was just announced, so we’ll have to see if it stands up to scrutiny. At first glance, the paper seems reasonable, but the situation has to be just right to successfully attack a system, and may require getting the user to click on a malicious link.
Related posts:
