The developers of the work collaboration app Slack have issued a security update for its desktop client following the discovery of a medium-severity download hijack vulnerability that could let attackers modify the location where downloaded files are stored.
Malicious actors could exploit the flaw to steal and spy on users’ documents by uploading them to a server they control. From there, the attackers could also manipulate the documents’ contents, perhaps damaging data integrity by altering account numbers in financial documents, or injecting malware into an Office document in order to infect users who open them.
Source: SC Magazine