Someone else who has the capabilities to see the program’s traffic this way can alter and steal the communicated text which would spell disaster for the victim. This communication is done in plaintext over HTTP rather than HTTPS which could be exploited by attackers to deliver malware. Nonetheless, in the latest, it is in the news with a vulnerability found in WinZip 24.Īs identified by researchers from SpiderLabs at Trustwave Security, WinZip 24 was found using Wireshark that when the program sends requests to check for updates and display prompts of the free trial being over. Most of us are pretty well acquainted with WinZip, especially when on the receiving end of its prompts to obtain a license for further use.
Other than malware delivery WinZip vulnerability also lets hackers carry out DNS poisoning and arbitrary code execution.
0 kommentar(er)
