Dropbox 1.2 Experimental Build Fixes Security Issue - gHacks Tech News

Dropbox 1.2 Experimental Build Fixes Security Issue

In Dropbox Insecure?, we reported on a security issue that affected all Dropbox users. A configuration file that is placed on an authorized computer after enabling Dropbox on it was improperly protected. Attackers could use the file on any other computer with Dropbox to download all files of the original owner, without entering the Dropbox login credentials or notifications in the Dropbox dashboard that another device was used to download the data.

The issue caused quite the controversy among users, as it could only be exploited if an attacker was able to get access to the computer. And with access, come all kinds of power including the ability to snag files directly from the local computer.

dropbox update

Still, Dropbox addressed the issue quickly on their website and promised to deliver an update that would resolve the issue.

That update is now available in form of an experimental Dropbox 1.2 build for all supported desktop operating systems.

Users can download Dropbox 1.2 from the official Dropbox website. It needs to be noted though that experimental builds may not be as stable as release builds. Cautious users may consider waiting for the final release of Dropbox 1.2 before updating to the new version. This may take a few weeks though.

Dropbox 1.2 introduces a new encrpyted database format to "prevent unauthorized access to local Dropbox client database" in addition to the security enhancements. This is related to the security issue, as the user who discovered the vulnerability in first place did uncover it by analyzing the local Dropbox client database.

Some third party applications that rely on databases will stop working after updating Dropbox to version 1.2.

It took Dropbox less than two weeks to develop the means to protect the configuration files and databases on the local system. Good work.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

    Leave a Reply

    Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

    Please note that your comment may not appear immediately after you post it.