Serious Security Flaw in Google Apps Script Plugged Before Exploit Hit Google Drive

Google'south Apps Script is a JavaScript-based, programming linguistic communication which is oft regarded as 1 of the more efficient options for lightweight application development. It has been widely used to develop simple tools for piece of work management and has served as the backbone for add-ons and extensions for Google Docs, Sheets and Slides.

But like every other programming language on the planet, Google's offer as well has its flaws and limitations. Even so, a recently discovered vulnerability in the Apps Script programming language could have allowed hackers to target cloud users by delivering malware via Google Drive, the search giant'due south very own online file storage solution.

The serious vulnerability was spotted past cybersecurity house, Proofpoint, whose experts have pointed that the vulnerability could have been exploited to deliver any grade of malware to unsuspecting user's devices. Even so, the good news is that then far, no such reports of evil acts committed by leveraging the flaw have been reported.

Regarding the malware'south method of action and its potential to inflict damage, Proofpoint security researcher, Maor Bin said:

Proofpoint inquiry has establish that Google Apps Script and the normal document sharing capabilities built into Google Apps supported automatic malware downloads and sophisticated social engineering schemes designed to convince recipients to execute the malware once it has been downloaded. We also confirmed that it was possible to trigger exploits with this type of attack without user interaction.

Moreover, the aforesaid bug could have been exploited by hackers to dish out malware at an even more than threatening calibration than they have done previously with Microsoft Office macros through the SaaS (Software As A Service) route.

But what's more worrisome is the fact that different past instances of hackers exploiting Google apps, which was dependent on users opening a fake Google Docs link, the recently discovered flaw couldsend a legitimate link to unsuspecting users to do the dirty human action.

Proofpoint alerted Google of its findings before making the written report public, and the visitor has since implemented necessary measures to fix the flaw and prevent it from beingness abused.