Summary
Key Points:
- A one-click attack via Microsoft Visual Studio Code (VS Code) allows attackers to steal GitHub OAuth tokens, granting full access to repositories, including private ones.
- The vulnerability affects users utilizing GitHub.dev, where malicious VS Code extensions can be installed without proper trust checks, enabling the theft of OAuth tokens through JavaScript exploits in untrusted webviews.
- Immediate actions include avoiding the use of GitHub.dev until a patch is released and monitoring for any unauthorized access to GitHub repositories.
Technical Details: The attack exploits a message-passing mechanism between VS Code and webviews, allowing malicious JavaScript to simulate keypresses and install extensions that extract OAuth tokens. This vulnerability does not affect the desktop version of VS Code.
MITRE ATT&CK Techniques:
- T1203 - Exploitation for Client Execution (Execution)
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
IOCs Mentioned: None