Photo: Shannon Stapleton / Reuters
Dangerous vulnerability in Windows 10 allow the application of Universal Windows platform (UWP) to access the file system without user confirmation. This could lead to invisible data theft, according to an expert in the field of cybersecurity Sebastien Lachance (Sébastien Lachance) in his blog.
By default, the UWP-programs have access to files and folders located in the root folder of the installed application and data folders in AppDataLocal, AppDataRoaming, and Temp. If the service requires access to files outside of these folders, developers can request the necessary permissions.
Thus, the UWP program is to gain control over documents, music, pictures and other user files. However, the expert found a bug in the API broadFileSystemAccess, which gave developers access to the entire file system of the device without the knowledge of users.
According to Lutyens, because of a bug in Windows 10, users could not see the settings window in which they need to give applications permission to access the file system. This allowed the attackers to install on victims ‘ computers viruses and steal personal data from infected devices.
In fresh the October update of Windows 10 dangerous vulnerability fixed, but some third-party developers are faced with new challenges, as their UWP-app has stopped running.
Previously, hackers managed to circumvent the new protection system ransomware in Windows 10. Crackers suggested to circumvent the mechanism Controlled Folder Access using any DLL injection.
Video, photo All from Russia.