Situation
Vulnerability found in Slack, a common messaging platform.
Problem
A vulnerability in Slack for Windows, version 3.3.7, can allow an attacker to change the destination of downloaded files and the data integrity of files.
Implication
An attacker can gain access to confidential and sensitive files by forwarding documents on Slack to their own SMB server. An attacker can also redirect the user's links so that malware and ransomware is downloaded.
Need
This vulnerability has been patched. Slack used on Windows devices should be updated to version 3.4.0 or higher to remediate this vulnerability.
Learn More
https://www.tenable.com/blog/slack-patches-download-hijack-vulnerability-in-windows-desktop-app