Google has issued a patch to cover a range of security holes in its Google Mini enterprise search appliance.
The Google Mini is a scaled down version of the higher-end Google Search Appliance, and is sold to firms with up to about 1,000 employees or to departments within larger organisations.
Internet security researcher Metasploit Project reported several bugs in the system that allowed remote attackers to read stored files, take over corporate systems and conduct cross-site scripting attacks.
Secunia, another internet security firm, described the flaws as “highly critical”.
Flaws were discovered in a feature that allows customisation of the Google Mini’s search interface through XSLT (Extensible Style-sheet Language Transformations) style-sheets.
These flaws allowed hackers to launch malicious attacks. Google said it wasn’t aware of any attacks on its customers as a result of the flaws.