Time to update your Portable Apps to mitigate DLL hijacks

[hazelnut]

Following on from the Wikileaks recent documents, Portable Apps have today released 14.4

 

 

Over the past few days, Wikileaks posted a series of documents purported to be from the CIA in a dump of files dubbed "Vault 7". Within those documents are references to a project called "Fine Dining" which details how a field agent can alter their own software on a portable device to include additional functionality to enable spying and other covert activities while appearing innocuous to those who happen to see the agent using their portable software.

 

 

The list of affected software includes VLC Player Portable, Irfan View, Chrome, Opera, Firefox, ClamWin, Kaspersky TDSS Killer, McAfee Stinger, Sophos Virus Removal Tool, Thunderbird, Opera Mail, Foxit Reader, Libre Office Portable, Prezi, Babel Pad, Notepad++, Skype, Iperius Backup, Sandisk Secure Access, U3 Software, 2048, LBreakout2, 7-Zip Portable and Portable Linux CMD Prompt. Some PortableApps.com Launchers are also affected by these techniques

 

http://portableapps.com/news/2017-03-13--mitigating-dll-hijacks-with-the-portableapps-com-platform

 

14.4 download

http://portableapps.com/download

[login123]

Wow, that list covers a lot of territory. 

[Andavari]

So they've updated the Platform, however I don't see any updates to the portable software itself unless I'm reading everything wrong and the vulnerability was only in the Platform itself.