A Flaw In Google Drive Allowed Hackers To Install Malware Easily

In the event that you utilize Google Drive for your own or business use

You should know about a defect that was as of late found in the Mountain View-based innovation goliath’s distributed storage administration. The new blemish makes you helpless against malware and spam assaults on the off chance that you regularly access shared documents on Google Drive.

The blemish, found by A. Nikoci and detailed by The Hacker News, shows how Google Drive’s “oversee renditions” are ready for being played by programmers. In case you’re not mindful, “oversee renditions” on Google Drive, we should one see and access all the more established variants of a record that was facilitated and shared by Google Drive. Likewise, this element is used to supplant a more seasoned variant of the document with another record without breaking its offer connection.

A Google Drive weakness could allow attackers trick users to ... — Source: Cybersafe News. com

The issue lies in how Google doesn’t check the record type when you transfer another rendition.

For example, a picture – a JPEG document – can be supplanted with an executable record (.exe) with the oversee variants include. Shockingly, when saw online, Google Drive won’t demonstrate recently made changes – in that it will show you a preview of the JPEG picture – yet when downloaded, it will download the more up to date .exe document.

You can see the equivalent in real life in the video beneath in which Nikoci replaces a harmless looking PDF record with an executable document. As found in the video, the see, despite everything, shows the more established PDF; however, on downloading the document, it downloads the new executable record that was supplanted utilizing the “oversee adaptations” highlight on Google Drive.

As found in the video, a similar record when downloaded from a site on Google Chrome is marked with a ‘hazardous’ notice sign.

Nikos said he announced the escape clause to Google, yet the issue was still unpatched as of August 22. We have contacted Google for a report on the equivalent yet. Then, be careful from downloading documents from obscure Google Drive organizers.