BASIC thinking InternationalBASIC thinking International
Font ResizerAa
  • Recommends
  • Startup
  • Smart Things
  • Science
  • Tech
  • Travel
  • Automotive
Search
  • Pages
    • Home
    • Blog Index
    • Contact Us
    • Search Page
    • 404 Page
  • Categories
    • Science
    • Smart Things
    • Startup
    • Tech
    • Automotive
    • Recommends
    • Travel
  • Personalized
    • My Saves
    • My Feed
    • My Interests
    • History
Follow US
Business

Slack admits to serious security vulnerability

Christian Erxleben
Last updated: July 9, 2021 11:12 am
Christian Erxleben
Share
Pexels.com / Mikhail Nilov
SHARE

Slack is one of the most popular communication tools – this is especially true for remote working companies. Now the messenger has admitted to a flaw in an email. The Slack security vulnerability has led to unauthorized people being able to read closed chats.

Contents
Slack vulnerability: What happened?Slack security vulnerability: Who is affected?What can I do if I am affected by the Slack security vulnerability?

The popular office messenger Slack has experienced a security flaw that went unnoticed for several months.

This is according to an official mail from the company, which BASIC thinking has obtained.

Slack vulnerability: What happened?

Anyone who invites new users to an existing, closed channel on Slack can choose between two options:

  1. The inviting person archives the existing channel and creates a new one, which can then be accessed by all old and new members. This way, new users cannot see old messages and documents.
  2. The inviting person adds the new user to the existing channel. In this case, the new member can see all old messages and documents.

During the same invitation process, a software error occurred for users who were added to an archived Slack channel via the iOS client.

As a result, all new users were able to see the old messages, files and documents of the closed chat despite the settings made.

Slack security vulnerability: Who is affected?

The Slack vulnerability occurred in all versions of the iOS client between December 10, 2020 and June 10, 2021. According to Slack, new users who were added to existing closed chats during this period sometimes had insights into the documents that were actually hidden.

In the corresponding info mail, Slack explains that it was informed about the security vulnerability on June 2, 2021. By updating the iOS client to version 21.06.11, the problem has been fixed since June 7, 2021. However, the corresponding email did not go out until the beginning of July 2021.

What can I do if I am affected by the Slack security vulnerability?

In its email, the office messenger advises all affected companies and the responsible administrators that all iOS users should update the application. Until this happens, it is not possible to add new users to closed channels.

Likewise, Slack informs that the affected users have been removed from the corresponding channels. At the latest, they can no longer access the actually secret chats and files.

Share This Article
Facebook Copy Link Print
ByChristian Erxleben
Follow:
Christian Erxleben is a journalist from Nuremberg, Germany. He is also the editor in chief of the famous German online magazine BASIC thinking. His interests include social media, marketing and tech. Follow him on Twitter.

You Might Also Like

Business

Microsoft buys AI specialist Nuance for $20 billion

3 Min Read
matchplan-mayweather-mcgregor-810x594
Business

Mayweather vs. McGregor: “The Fight of the Century”

5 Min Read
Neymar sports marketing
Business

Neymar & PSG: The Best Case for Sports Marketing?

5 Min Read
Business

5 Forecasts for the next 5 years: How companies are changing – according to IBM

6 Min Read
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?