A validation flaw in G Suite and Gmail that allowed malicious emails to bypass DMARC and SPF protections has now been fixed.
However, a validation vulnerability in Google Drive still persists, and it could lead to users downloading malware.
The security flaw was discovered thanks to the efforts of Allison Husain, a cyber security researcher.
DMARC vulnerabilities of this nature are a threat because they allow for email spoofing.
Malicious actors who utilise this tactic can masquerade as an authority figure such as someone’s boss or an administrator, often using a form of pressure in an attempt to extract sensitive data from the victim.
Before the flaw was fixed, these types of emails were able to fly past the ‘Reject’ filter.
Husain privately reported the issue to Google on 3rd April 2020, giving the company a generous window of time to address it before publishing her findings publicly on 19th August 2020.
Given the complexity of the bug, David Wolpoff, CTO and co-founder of Randori, believes that it is not surprising that it took Google’s security team quite a while to patch it up.
The good news is that malicious actors are unable to read the responses they would get from such emails, and they are unable to access the victims’ inboxes.
The Google Drive bug is still active though and is potentially much more dangerous.
The bug could be exploited to send malicious files that look like legitimate images or other documents.
The exploit is based on misusing the ‘manage versions’ functionality that allows users to update the files as needed.
The problem is that no verification is present at this point, so a malicious actor could sneakily upload a file with a different extension than that of the original.
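The kind of check described as missing above can be sketched as follows. This is an added example, not Google's code and not taken from Husain's report: it rejects a replacement version whose extension or leading bytes no longer match the original file's type. The function names, the small signature table and the sample byte strings are assumptions constructed for illustration.

```python
import os

# Well-known leading-byte signatures ("magic numbers") for a few formats.
SIGNATURES = {
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
    "exe": [b"MZ"],           # Windows PE/DOS executable
    "elf": [b"\x7fELF"],      # Linux executable
    "zip": [b"PK\x03\x04"],   # also the container for .docx/.xlsx
}
EXTENSION_TYPES = {
    ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
    ".pdf": "pdf", ".exe": "exe", ".zip": "zip", ".docx": "zip",
}

def sniff_type(data):
    """Return the format whose signature starts `data`, or None."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return None

def check_new_version(original_name, new_name, new_data):
    """Return reasons to reject a replacement version; empty list = accept."""
    problems = []
    old_ext = os.path.splitext(original_name)[1].lower()
    new_ext = os.path.splitext(new_name)[1].lower()
    if old_ext != new_ext:
        problems.append(f"extension changed: {old_ext!r} -> {new_ext!r}")
    expected = EXTENSION_TYPES.get(old_ext)
    actual = sniff_type(new_data)
    if expected is None:
        problems.append(f"no signature known for {old_ext!r}; cannot verify")
    elif actual != expected:
        problems.append(f"content is {actual or 'unknown'}, expected {expected}")
    return problems

# Constructed sample inputs: only the leading bytes matter to the check.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 16

if __name__ == "__main__":
    print(check_new_version("photo.jpg", "photo.jpg", SAMPLE_JPEG))
    print(check_new_version("photo.jpg", "photo.exe", SAMPLE_EXE))
    print(check_new_version("photo.jpg", "photo.jpg", SAMPLE_EXE))
```

Signature sniffing only confirms the leading bytes, so it complements malware scanning of the new version and does not replace it.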