The IT security researchers at Positive Security Fabian Bräunlein and Lukas Euler have identified multiple one-click vulnerabilities across various popular software applications that can let an attacker execute arbitrary code on targeted devices.
The researchers noted in their research that desktop apps, particularly those that pass user-supplied URLs to be opened by the OS, are found to be vulnerable to code execution with user interaction.
Code execution is achieved either when the URL redirects to a malicious executable, such as .desktop, .exe, or .jar that is “hosted on an internet-accessible file share (NFS, WebDAV, SMB, …)” and is opened or another vulnerability in the opened app’s URL handler is exploited, explained researchers.
Which Applications are Vulnerable?
The vulnerabilities affect many popular apps, including VLC, Telegram, LibreOffice, Nextcloud, Bitcoin/Dogecoin Wallets, OpenOffice, Mumble, and Wireshark. The vulnerability stems from an insufficient validation of URL input.
Therefore, what happens is that when the app is opened via the OS, it automatically executed a malicious file. According to researchers, many applications failed to validate the URLs. This is why they allow an attacker to launch a specially designed link that points to a piece of attack code and results in remote code execution.
Patched Released for the Affected Apps
Abiding by the responsible disclosure rules, most of the affected applications have been patched to resolve the issue. These include:
1 – Nextcloud – version 3.1.3 of Desktop Client fixed on February 24 (CVE-2021-22879)
2- Telegram – a server-side cha ..