Tsakalidis said that he had contacted Electron about the vulnerability but that he had gotten no response-and the vulnerability remains. The vulnerability is not part of the applications themselves but of the underlying Electron framework-and that vulnerability allows malicious activities to be hidden within processes that appear to be benign. But Electron can also pose a significant security risk because of how easily Electron-based applications can be modified without triggering warnings.Īt the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA, a Python-based tool that allows someone to unpack Electron ASAR archive files and inject new code into Electron's JavaScript libraries and built-in Chrome browser extensions. Based on JavaScript and Node.js, Electron has been used to create client applications for Internet communications tools (including Skype, WhatsApp, and Slack) and even Microsoft's Visual Studio Code development tool. LAS VEGAS-The Electron development platform is a key part of many applications, thanks to its cross-platform capabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |