A security researcher has discovered a way of utilising multiple Discord security vulnerabilities in order to commit remote code execution (RCE) attacks. The exploit, which only affects the desktop version of the messaging app, allows attackers to access and run code remotely.
The vulnerabilities were discovered by Masato Kinugawa, a self-confessed bug hunter who reported the issues as soon as he could verify them. Discord acted swiftly to patch the flaws and an RCE attack no longer appears to be possible.
- Check out our list of the best Android antivirus apps around
- Here's our list of best endpoint protection software available
- We've built a list of the best ransomware protection services out there
Bug bounty programs like those offered by Discord incentivize hackers to discover security flaws before they can be used for malicious ends. Often these initiatives come with guarantees that no legal action will follow and cash rewards are usually given.
Because of the complexity of the Discord RCE exploit, Sketchfab, a platform used to publish virtual reality content, and Electron, the software used to develop desktop GUI apps, also had to be informed of their respective bugs. Both of these have also now been patched.
- Here's our list of the best antivirus services on the market
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.