Published: 24th August 2020
Report finds that hackers may exploit unpatched flaw in Google Drive
The Hacker News reports that Google is aware of the latest security issue that is found in the "manage versions" functionality in Google Drive
Hackers could exploit an unpatched flaw in Google Drive to distribute malicious files disguised as legitimate files on systems worldwide. The Hacker News reports that Google is aware of the latest security issue that is found in the "manage versions" functionality in Google Drive. The functionality allows users to upload and manage different versions of a file. A system administrator by the name of A. Nikoci allegedly reported the flaw to Google and later disclosed it to The Hacker News.
"The affected functionally allows users to upload a new version with any file extension for any existing file on the cloud storage, even with a malicious executable". Google was yet to issue an official statement on the report. According to Nikoci, "a legitimate version of the file that's already been shared among a group of users can be replaced by a malicious file". "Google lets you change the file version without checking if it's the same type. They did not even force the same extension," he was quoted as saying.
Google last week patched a security bug that impacted both its Gmail and G Suite email servers publicly disclosed by security researcher Allison Husain. Both Gmail and Drive faced an unprecedented outage last week. Those affected took to social media, reporting issues with opening attachments, failed logins and emails not landing in their inboxes.