14 DAY TRIAL // The downloadable application that is meant to take the power of the online Google Search into the offline mode, Google Desktop, is affected by a major flaw that can allow an attacker to do almost whatever he wants with the affected computer. Robert Hansen, CEO of Sectheory.com and member of Ha.ckers.org discovered a vulnerability that can be exploited through wireless hotspots and arbitrary programs installed on the users' computers. Basically, the attackers need an application installed on the victim's system that will be used as a connection point.
"This should drive home the point that deep integration between the desktop and the web is not a good idea, without tremendous thought put into the security model. As Google's site is unencrypted, and they place their content that can run executibles on their site, it can be subverted by an attacker. To avoid these issues, only use trusted networks while Google Desktop is installed, keep it from indexing certain dangerous files or uninstall it completely," it is mentioned in the description of the exploitation published by Robert Hansen.
This is not the first time when Google Desktop is affected by critical vulnerabilities that can harm the users' computers. Back in February, the security companies discovered two critical flaws that could allow the hackers to break into an affected system. However, the two vulnerabilities were made public after the Mountain View company managed to patch them so the risk of successful exploitation was reduced to a minimum.
Google Desktop is a downloadable application designed by the search giant that is meant to take the power of the famous search technology into the offline mode. Recently, the company published the Mac version of the program that competes with Spotlight, the default search tool included in Mac OS X.
If you want to download Google Desktop for Windows, you can take it from Softpedia. The Mac version is available on this link.