Researchers from a leading web application firm said today they have uncovered a major vulnerability in Google Desktop that could allow hackers to perform searches on a victim's computer and discover sensitive files.
"Because of the integration between Google.com and Google Desktop, that is the way the malicious individual navigates onto (a victim’s) computer," Allan said. "To the victim, it’s a click."
Once the victim’s machine is compromised, an attacker can remotely perform searches and disable default settings, allowing him access to password-protected documents and archived secure websites, he said. The malicious individual also can force the victim to execute certain programs.
"The outcome of this is very serious," Allan said. "The ongoing danger is that more and more applications have very powerful features like this and more and more allow integration between the local computer and the internet."
Google said it was not aware of any users being impacted.
"A fix was developed quickly, and users are being automatically updated with the patch," Google spokesman Barry Schnitt said. "In addition, we have (added) another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future."
Users are urged to update to the latest version of the application, Schnitt added.
Allan said the bug emphasizes the need for developers to build more secure applications and for anti-virus vendors to create solutions that defend against such attacks.
Reporter: Dan Kaplan.