![]() ![]() ![]() In addition, R version 3.2.2 was released and now uses HTTPS internally for package updates by default. End-users and distributors of RStudio are encouraged to update to this latest version. This version addresses all of the below concerns. Since reporting these issues, RStudio version 0.99.473 has been released. This advisory will discuss all three issues. A remote attacker could leverage these flaws to run arbitrary code in the context of the system Administrator by leveraging two particular flaws in the update process, and as the RStudio user via the third update process flaw. Prior to RStudio version 0.99.473, the RStudio integrated toolset for Windows is installed and updated in an insecure manner.
0 Comments
Leave a Reply. |