
Security researcher blabs that Google App Engine is vulnerable to attack

According to a report released on Seclists.org’s Full Disclosure, a new set of vulnerabilities could leave Google’s App Engine open to attack from a rudimentary Java exploit.

Seven different unpatched holes were discovered by Adam Gowdiak, CEO of the Polish security firm Security Explorations. The exploit uses the cloud platform Google App Engine to launch a defunct string of Java code, which can then be executed to break out of the first-layer sandbox and wreak havoc on protected areas of Google’s servers.

This is a huge problem for the Internet search giant, which could have been losing sensitive customer data, or even files from the company’s internal operations, for months on end without even realizing it. Fortunately, there’s no evidence the attack has been used by malicious hackers as of yet.

As is the case with most vulnerabilities, Gowdiak waited for a response from Google for several weeks before going public. Publishing his findings to news outlets is a way to kick the company into gear, and force it to address the issue whether it likes it or not.

“It’s been 3 weeks and we haven’t heard any official confirmation / denial from Google with respect to Issues 37-41,” said Gowdiak in his post on Full Disclosure. “It should not take more than 1-2 business days for a major software vendor to run the received POC, read our report and / or consult the source code.”

Ars Technica reached out to Google for a response on the issue, and received the canned response you’d expect from any entity its size. “A researcher recently reported a known issue affecting a preliminary layer of security in Google App Engine. We’re working with him to mitigate it; users don’t need to take any action.”

Chris Stobing
Former Digital Trends Contributor