πŸ§‘β€πŸ’» Asana desktop app - Security update

Hi all,

On February 5th, Asana received information from a third-party researcher regarding an issue in the Asana desktop app, whereby a malicious actor could have compromised the Asana Desktop application by allowing the attacker to read files from a computer running the Asana application.

In principle, the issue could have allowed an attacker to read files from a computer running the Asana app. We have no evidence that anyone has exploited this issue.

We have fixed this issue in version 1.6.0 of the desktop app, released on February 9th. If you still have a vulnerable version of the desktop app, it will automatically prompt you to upgrade. If you are unsure you can download the new version of the app from Download the Asana App for Mobile and Desktop β€’ Asana. All users of the Asana desktop app are strongly encouraged to upgrade to the newest version (1.6.0) which fixes this issue. Users who do not use the desktop app are unaffected.

If you have any follow-up question or require assistance please reach out to our support team.

Thank you to security researcher Hector β€œp3rr0” Peralta for telling us about this issue. This issue has been assigned CVE-2022-26877.

3 Likes

Thank you for the update.
How would users find their app version?

1 Like

Same question as Paul. I looked through all the tabs in my settings on desktop app and not able to find anywhere to check what version I am running.

Hi @Paul_Grobler and @Sam_Kelly!

On Mac, you need to click on β€œAsana” right next to the apple in the top left corner of your screen and then select β€œAbout”.

I’m unsure about Windows, but I’ll try to find out :slight_smile:

2 Likes

This topic was automatically closed after 12 hours. New replies are no longer allowed.