They managed to trick the Google desktop search program into inserting those results into other web pages where an attacker could read them. This would only work after a user had visited an attacker's website, upon which a Java program (as created by the Rice group) would be able to fool the Google desktop software into providing the user's search information. The program was able to do anything with the results, including transmitting them back to the attacking site.
...According to a statement from the web search company on Monday, it has rolled out a fix for the vulnerability that a US computer scientist and two of his students found in the tool in late November.
No comments:
Post a Comment