Critical Vulnerability in GoSign Desktop Allows Remote Code Execution via Insecure Updates
Security researcher Pasquale 'sid' Fiorillo discovered a critical vulnerability in GoSign Desktop software (version <= 2.4.0) that allows remote code execution through insecure update mechanisms and TLS bypass. The vulnerability exploits disabled TLS certificate verification when a proxy is configured, combined with unsigned update manifests. The vendor, Tin
ush.it6mo ago
