Horoscope not updating

by  |  30-Nov-2014 03:11

This update addresses critical security vulnerabilities inside the underlying Intelli J Platform.

The cross-site request forgery (CSRF) flaw in the IDE’s built-in webserver allowed an attacker to access local file system from a malicious web page without user consent.

Over-permissive CORS settings allowed attackers to use a malicious website in order to access various internal API endpoints, gain access to data saved by the IDE, and gather various meta-information like IDE version or open a project.

Our huge thanks go to Jordan Milne for disclosing these issues and working closely with us and to Android Studio team from Google for perfect collaboration while working on the fixes.

For a brief amount of time it did leave my computer useless, because I could not mount any external drive (which I have nearly all my personal and other files on).

[Which, BTW, is currently at Beta stage.] This error is known on many distros and across a large time-frame, so this is by far not a new problem.

Community Discussion