Google has been forced to patch three flaws in its Google Desktop search service after it was discovered the software was open to remote attack.
Google was informed of the security flaw by security software firm Watchfire at the turn of the year.
The search giant asked Watchfire to hold off from publicising the threat until it was able to patch the Google Desktop system, which allows users to search for local files and documents on their PCs.
Watchfire said the flaws were a result of the close integration between Google Desktop and the Google.com website, and Google Desktop's failure to properly encode output containing malicious or unexpected characters.
“These flaws take advantage of web application vulnerabilities and the increasing power of the web browser. Unlike traditional computer penetration attacks, there is no need for binary code to be injected,” said Watchfire.
Google has no plans to restrict Google Desktop’s close integration with the web.
A white paper on the flaws is available on the Watchfire website.