Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Critical Vulnerability Caught In Google Desktop

A security company is advising people who use Google Desktop to immediately download the latest version to protect their computers from a critical vulnerability.

Danny Allan, director of security research at Watchfire, a security and analysis company, says researchers found a vulnerability in Google Desktop that puts users' private information at risk and enables remote attackers to run programs on the infected machines. Allan says they reported the vulnerability to Google on Jan. 4, and the online search leader created a fix for it on Feb. 1.

Allan notes that while Google says it can automatically update its software and take care of the vulnerability, he has had to manually update his three home computers. "The fix is in their latest version," he says. "My software did not [automatically] patch. We had some issues with the updating mechanism. It didn't work at all. We had to install it manually."

Barry Schnitt, a Google spokesman, says the company started pushing out auto updates a few weeks ago and is still in the process of getting to its millions of users. He also says the auto update will work in the "vast majority" of cases. "A fix was developed quickly, and users are being automatically updated with the patch. In addition, we have [added] another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future," Schnitt says.

Google hasn't received any reports of the vulnerability being exploited, Schnitt says. "However, users should make sure they are running the latest version of Google Desktop by going to http://desktop.google.com and downloading the latest version and installing it," he adds.

  • 1