Menu
    Close
    Search Search
    Close

    Google Drive: a serious security breach allows you to install malware on your PC

    Google Drive: a serious security breach allows you to install malware on your PC

    Google Drive is the victim of a flaw that can be exploited to install malware on your computer. This vulnerability is related to carelessness in managing file versions on the storage service.

    If like millions of people around the world you use Google Drive to store and share personal or work files, you should know that a major flaw has recently been discovered in the storage service. It leaves you at the mercy of malware if you frequently download shared files. A security researcher named A. Nikoci demonstrates how the functionality of file version management can be exploited by malicious people to spread malware.




    In case you didn't know, a "manage versions" function on Google Drive allows you to see and access all the old versions of a file hosted and shared on the storage service. It can also be used for replace an old version of the file with a new file while keeping the same sharing link.

    What is this Google Drive flaw?

    It lies in negligence of the storage service, the consequences of which could be harmful. This is because Google Drive does not check file extensions when you upload a new version of the already existing document. The original file can thus be replaced by an executable in the simplest way. Worse, Google Drive keeps the preview of the original file and doesn't show any newly made changes to it.

    It goes without saying that the flaw leaves the door open for the spread of malware on a large scale, especially since Drive is often used as a hosting server for files intended for download by the public. A malicious person can indeed substitute a legitimate file with a corrupted version which easily passes Google's verification system.




    This is the second vulnerability affecting a service of the firm that was revealed this week. Another flaw made it possible to impersonate any Gmail user without their knowledge. A fix has already been deployed, but the Google Drive flaw has not yet received the same treatment. A. Nikoci claims to have informed Google of its discovery, but the flaw has still not been fixed. We therefore recommend that you only download shared documents from people you trust. The public files should absolutely be avoided.




    Source : The Hacker News



    • Google Drive
    • Share
    • Tweet
    • Share
    • Envoyer à un ami
    How to find phone contacts on Telegram? ❯

    Related Items

    How to Check the Presence of the Root
    Android
    How to Check the Presence of the Root
    Problems updating to iOS 14? Use Wondershare dr.fone to fix them
    Android
    Problems updating to iOS 14? Use Wondershare dr.fone to fix them
    Clash Royale: guide and tips for easy progress
    Android
    Clash Royale: guide and tips for easy progress

    Most visited posts!

    add a comment of Google Drive: a serious security breach allows you to install malware on your PC
    Comment sent successfully! We will review it in the next few hours.

    Content for you

    DMCA.com Protection Status 2024 / androidbasement.com