by Yulia Lomanova | April 6, 2021 6:54 am
March has been quite a busy month for software developers and testers. Recent flaws in popular applications have allowed malicious users to send harassing messages that cannot be blocked, and hijack group chats. The video game cheating crisis has also reached new highs.
Here is a recap of the most talked-about software bugs this March.
The Slack Connect DM feature that allows sending invitations to one’s workspace became generally available just about a week ago, but it has already provoked a backlash after people started receiving abusive messages.
Before Slack’s changes, users could add customized text to the invite. However, it soon became obvious[1] that the feature could be used to send abuse and harassment. What’s more, since the invites are sent from a single feedback@slack.com account, blocking them means all Connect DM invites would be marked as spam. The company has already disabled the option to send a message alongside an invite.
Our final thoughts on this incident are that usability testing[2] remains of paramount importance, especially when it comes to “unusual” user scenarios. Even though the production team checks the product from head to toe, it is advisable to use an uninfluenced, third-party view of the software to foresee and prevent such undesired user behavior.
A newly discovered bug in Zoom’s screen sharing feature can leak private information to other meeting participants.
The feature allows showing an entire screen or particular applications. The issue lies in the fact that a second application, overlaid on top of an already shared one, can reveal its contents. Depending on the nature of the data, this can have serious consequences if meeting participants take advantage of the weakness by using a screen capture tool to record what is happening on the screen and extract the private information.
Given that malicious users would never miss an opportunity to exploit software weaknesses, thorough functional testing[3] is the only way to protect product reputation.
Players are already discovering all sorts of bugs in Fortnite Season 6, and the recently detected unlimited health glitch has shaken the gaming community. If you want to give this one a try for yourself, you’ll need to get a Slurp Mushroom, head over to a Port-a-Potty, get it done to low HP, eat a mushroom, hop inside and then have your buddy break it for you. There is currently no word on whether this one will be fixed for the next update, but it could certainly become an issue in the future since this glitch doesn’t require any difficult steps for players to reproduce.
Game testing[4] is a great opportunity not only to make sure your game mechanics are consistent and the gameplay is fun, but also to reduce the number of weak spots that enable cheating in video games.
When it comes to WordPress, which is one of the world’s leading open-source CMSs, bugs hit users hard on a global scale: over 7 million websites were affected through two popular WordPress plugins. The flaws were detected in Elementor, a website builder plugin, and WP Super Cache, a tool used to serve cached pages of a WordPress site. The bug involved a set of stored XSS vulnerabilities, which occur when a malicious script is injected directly into a vulnerable web application.
This is, without a doubt, further proof that security testing[5] is crucial if you do not want your product to cause panic among users.
Netop, the company behind a popular software tool designed to let teachers remotely access student computers, has reported (and fixed) security bugs in its platform. The critical vulnerabilities could allow attackers to hijack school chats, deliver malware, determine the IP addresses of students, eavesdrop, and more.
Meeting the security requirements in an e-learning system is a complex problem as it is necessary to protect the content, services, and personal data. Cybersecurity can be ensured by conducting security testing according to the OWASP methodology[6].
Microsoft has launched a new bug bounty program for the Teams desktop client[7] that offers $30,000 to security testers for reporting previously unknown vulnerabilities.
The program lists five specific scenarios:
[8]
Source URL: https://blog.qatestlab.com/2021/04/06/bugs-digest-march-2021/