![]() When people has the LastPass binary running, the vulnerability could be exploited to allow malicious sites to execute arbitrary code on the visitor’s machine. They have 90 days, no need to scramble!”Īh-ha, I had an epiphany in the shower this morning and realized how to get codeexec in LastPass 4.1.43. “It will take a long time to fix this properly,” Ormandy said. The expert announced to have developed a PoC exploit code that shared with the LastPass development team that have three months to patch the issue before Project Zero discloses technical details. This is the third flaw discovered by Ormandy this month, the expert provided a few details about the issue across the weekend. Now the development team is hardly working to solve a serious flaw that could be exploited by attackers to steal user passcodes by simply tricking victims into visiting a specifically crafted malicious website, the flaw also allows hackers in some cases to execute malicious code on computers running the program. The company quickly started fixing the issue but the popular hackers announced the discovery of new bugs while completing its tests. ![]() Only affects version on (3.3.2), report on way. Wrote a quick exploit for another LastPass vulnerability.
0 Comments
Leave a Reply. |