Security News > 2021 > April > 1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems.
The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.
"Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction," the researchers said.
Positive Security's analysis found that many apps failed to validate the URLs, thereby allowing an adversary to craft a specially-crafted link pointing to a piece of attack code, resulting in remote code execution.
Following responsible disclosure, most of the apps have released patches to remediate the flaws -.
Mumble - Fixed in version 1.3.4 released on February 10.