Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
Home»ETHEREUM NEWS»Security Warning – Mist may be vulnerable to malicious DApps.
ETHEREUM NEWS

Security Warning – Mist may be vulnerable to malicious DApps.

By Crypto FlexsApril 2, 20242 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Security Warning – Mist may be vulnerable to malicious DApps.
Share
Facebook Twitter LinkedIn Pinterest Email

Mist leaks some low-level APIs that Dapps can use to access your computer’s file system and read or delete files. This only affects you if you go to an untrusted Dapp that is aware of these vulnerabilities and is specifically trying to attack you. We recommend upgrading Mist to avoid exposure to attacks.

Affected Configurations: All Mist versions below 0.8.6. This vulnerability does not affect Ethereum wallets as it cannot load external DApps.
something that could happen: middle
severity: High

summary

Some Mist API methods are exposed, allowing malicious web pages to access privileged interfaces that can delete files on the local file system, execute registered protocol handlers, and obtain sensitive information such as the user directory or the user’s “coinbase”. It has become possible. Vulnerable exposed Mist API:

mist.shell

mist.dirname

mist.syncMinimongo

web3.eth.coinbase

now

null

If the account is not accepted for dapp

solution

Upgrade to: Latest version of Mist browser. Do not use older versions of Mist to navigate to untrusted webpages or local webpages from unknown sources. Ethereum wallets are not affected as they do not allow external page navigation. This is a reminder that Mist is currently only being considered for Ethereum app development and should not be used by end users to browse the public web until it reaches at least version 1.0. Mist’s external audit is scheduled for December.

a big thank you @tintinweb There is a repro app that is very useful for testing vulnerabilities!

We are also thinking about adding Mist to our bounty program. If you discover any vulnerabilities or serious bugs, please contact us at: bounty@ethereum.org


Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Bitcoin hit $ 101K to reclaim six pictures as Trump confirmed us. British trade transaction

May 9, 2025

CVE-2025-30147- BESU

May 8, 2025

Crypto Rallies, US-Chaina Trade Conversation Beginning, Today FOMC Determination

May 7, 2025
Add A Comment

Comments are closed.

Recent Posts

COREWEAVE completes the AI ​​developer platform weight and bias acquisition.

May 9, 2025

Ether Lee’s Staying Surges: Is PECTRA attracting more than retail investors?

May 9, 2025

The new blockchain T-Rex raises $ 17 million in Web3 to convert the Layer Layer.

May 9, 2025

HKMA reports stable credit conditions for SMEs in the first quarter of 2025.

May 9, 2025

SEC’s CRENSHAW Slams Ripple Settlement, ‘Regulatory Vacuum’ Warning

May 9, 2025

Tether launches USD ES in KAIA blockchain to promote Web3 adoption in Asia.

May 9, 2025

Easy to get Daily Crypto -Bow Miner’s AI Cloud Mining can benefit while sleeping!

May 9, 2025

Bitcoin hit $ 101K to reclaim six pictures as Trump confirmed us. British trade transaction

May 9, 2025

Bitcoin’s APRIL SURGE sets a promising summer stage.

May 8, 2025

Bitcoin Options BTC’s potential to emphasize the new all -time high

May 8, 2025

Bitcoin increases to $ 101.7K due to the rapid increase in US strategic preliminary billing and the rapid increase in BTC.

May 8, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

COREWEAVE completes the AI ​​developer platform weight and bias acquisition.

May 9, 2025

Ether Lee’s Staying Surges: Is PECTRA attracting more than retail investors?

May 9, 2025

The new blockchain T-Rex raises $ 17 million in Web3 to convert the Layer Layer.

May 9, 2025
Most Popular

Can the Bulls defend this key support?

March 19, 2024

Ethereum Price Drops 5%: Is This a Correction or the Beginning of a Bigger Decline?

December 19, 2024

Minutes Network Forms Strategic Relationship with USA Wholesale Voice Communications Aggregator Next Communications, Inc.

January 19, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.