A "serious" exploit that allowed spam to be sent to Gmail users without them knowing about it has been shut down.
Google claimed it was quick to counter the exploit, which caused spam to be sent to logged-in Gmail users when they visited specially-crafted websites.
"We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account," Google explained in a statement.
"We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com."
Graham Cluley, senior technology consultant at Sophos, said the flaw was a particularly serious one, even though it appears there was no monetary reward for the scammers.
"Although this particular exploit appears to have been set up for mischief, more malicious hackers could easily have exploited the vulnerability to spread the typical money-making spam we often see or to distribute malware or a phishing attack," Cluley wrote in a blog post.
"Security issues like this are a real concern as more and more people rely upon email communications, and their webmail providers to deliver a reliable, filtered inbox. This was a serious security hole."
Facebook recently made a play in the email sphere with Messages, designed to be better at protecting against spam in comparison to other clients.
The social networking giant last week outlined in a blog how it had "devoted a lot of time and energy to keeping spam and other annoying or malicious communications out."
"Most importantly, Messages uses your social connections on Facebook to ensure that the inbox only contains messages from your friends and their friends by default," Facebook added.
-
AI layoffs could spark a new wave of offshoringNews Analysts expect a wave of rehiring next year in the wake of AI layoffs. That may sound like good news for workers, but it'll probably involve offshoring or outsourcing.
-
Hackers are using these malicious npm packages to target developers Windows, macOS, and Linux systemsNews Security experts have issued a warning to developers after ten malicious npm packages were found to deliver infostealer malware across Windows, Linux, and macOS systems.
-
This handy new Gmail feature is exactly what you need to clean up your inboxNews A simple change in Gmail will give users more control over repeat senders
-
Google Workspace is getting a Gemini makeover – but prices are going to increaseNews The new pricing structure may help Google boost competition with Microsoft
-
Google confirms Gmail is “here to stay” amid speculation over plans to scrap the email serviceNews Claims that Google plans to sunset Gmail were a hoax, so there's no need to panic
-
Google Workspace Review: A simple aesthetic with productivity in mindReviews From free to enterprise, Google’s ever-popular productivity suite has a range of tiers and functions for all sizes of business
-
CloudHQ fully integrates Gmail with Google SheetsNews Users can bulk export email text to Google Sheets, Excel, or CSV files
-
Apple delays iOS 14 privacy changes after Facebook pressureNews The social network complained that limiting the potential to target iOS users would see developers’ revenues collapse
-
Gmail for G Suite becomes a hub for corporate communicationsNews Everything you need is now on one page, but it may get overwhelming
-
How to share your Google CalendarTutorials Follow these easy steps to share your Google Calendar with family, friends or team members
