Old version of Slack vulnerable to RCE

  • 1 September 2020
  • 2 replies

Userlevel 7

This only affects versions prior to 4.4 (current version is 4.8) so make sure your Slack clients are updated!

2 replies

Userlevel 4

So slack is one of those apps that we have difficulty keeping patched since it cant be patched while its running and it runs on startup. Is there a good worklet way to stop the process and then invoke patching on it? How are you guys handling this issue?

Userlevel 7

You could have a worklet run and kill the process right before the patching window. Should be pretty simple to issue a kill command on the process. Let me know if you’re able to get that working.