Skip to main content

Security researcher blabs that Google App Engine is vulnerable to attack

According to a report released on Seclist.org’s Full Disclosure, a new set of vulnerabilities could leave Google’s App Engine open to attack from a rudimentary Java exploit.

Seven different unpatched holes were discovered by Adam Gowdiak, CEO of the Polish security firm Security Explorations. The exploit uses the cloud platform Google App Engine to launch a defunct string of Java code, which can then be executed to break out of the first-layer sandbox and wreak havoc on protected areas of Google’s servers.

Recommended Videos

This is a huge problem for the Internet search giant, who could have been losing sensitive customer data, or even files from the company’s internal operations for months on end without even realizing it. Fortunately, there’s no evidence the attack has been used by malicious hackers as of yet.

As is the case with most vulnerabilities, Gowdiak waited for a response from Google for several weeks before going public. Publishing his findings to news outlets is a way to kick the company into gear, and force it to address the issue whether it likes it or not.

“It’s been 3 weeks and we haven’t heard any official confirmation / denial from Google with respect to Issues 37-41,” said Gowdiak in his post on Full Disclosure. “It should not take more than 1-2 business days for a major software vendor to run the received POC, read our report and / or consult the source code.”

Ars Technica reached out to Google for a response on the issue, and received the canned response you’d expect from any entity its size. “A researcher recently reported a known issue affecting a preliminary layer of security in Google App Engine. We’re working with him to mitigate it; users don’t need to take any action.”

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
Your Google Photos app may soon get a big overhaul. Here’s what it looks like
The Google Photos app running on a Google Pixel 8 Pro.

Google Photos is set to get a long-overdue overhaul that will bring new and improved sharing and notification features to the app. With its automatic backups, easy sorting and search, and album sharing, Google Photos has always been one of the better photo apps, and now it's set to get a whole slew of AI features.

According to an APK teardown done by Android Authority and the leaker AssembleDebug, Google is now set to double down on improving sharing features. Google Photos will get a new social-focused sharing page in version 6.85.0.637477501 for Android devices.

Read more
This is what Google Maps’ big redesign looks like
Redesigned Google maps.

Redesigned Google Maps app Google

In recent years, Google Maps has felt like it's an afterthought to Google. As Apple Maps continues to improve with better navigation, cleaner transit layers, and better information, Google Maps has lagged. That’s why we’re thrilled about the redesigned Google Maps app that Google showcased at Google I/O 2024.

Read more
5 calendar apps you should use instead of Google Calendar
A person using a calendar app on an Apple iMac.

Google Calendar is an incredibly popular way to manage your schedule, but there are plenty of reasons that you might want to find an alternative. From concerns over Google’s privacy practices to a desire to break free of its rigid customization constraints, you might have decided it’s time to step away and find something new.

If that’s the case, you’re in the right place. We’ve rounded up five of the best alternatives to Google Calendar, and each app offers plenty of compelling reasons to take it for a spin. Whether you’re looking for more features or are just sick of Google, there should be something for you here.
Fantastical

Read more