Second Critical Vulnerability in Google Desktop!

Last week, Google confirmed a very important security flaw identified in Google Desktop able to allow attackers to obtain unauthorized access to an affected computer. After just a few days since the announcement, the company sustained the vulnerability was fixed so all the clients are now safe when they are using Google's application. Although I'm sure the flaw was really repaired, the second statement is surely wrong because a new vulnerability was discovered in Google Desktop that seems to be even more critical than the previous one.

The downloadable application is vulnerable to an online attack known as anti-DNS (Domain Name System) pinning that can allow an attacker to view all the information indexed by Google Desktop on an affected computer. Although security researchers sustained the attackers must exploit the vulnerability using a web-based attack that is more difficult than a direct exploitation, the use of the flaw can have greater impacts than any other vulnerability discovered in a Google product: the attacker is able to view all the information stored on a certain system.

"Because this type of attack is so difficult to pull off and is poorly understood, it is unlikely to be used by the criminals any time soon," said Jeremiah Grossman, chief technical officer at WhiteHat Security. But anti-DNS pinning shouldn't be ignored, he added. "We should keep our eyes on it in case the bad guys shift gears. Google said it was investigating Hansen's findings. "In addition, we recently added another layer of security checks to the latest version of Google Desktop to protect users from vulnerabilities related to Web search integration in the future," the company said in a prepared statement," PC World reported.

If you think you're vulnerable to attacks, you should download the latest version of Google Desktop that was tested by Softpedia and available on this link.