To carry out the attack, an attacker the victim or a specially prepared zip file via the command unzip -t leave open. Google adheres next to the search for vulnerabilities in their own software too busy checking open source software. The leak was reported on December 3 by researcher Michele Spagnuolo.
On the same day, there appeared the UnZip administrator update, followed by a second update later that day. A week later warned were all affected suppliers using UnZip, after yesterday's advisory appeared online. The leak is present in UnZip 6.0 and older. The last update of the program dates from April 2009.
No comments:
Post a Comment