‘Google Drive flaw may allow hackers to fool users to install malware’

Hackers may trick Google Drive users into downloading malware, so claims system administrator A Nikoci. In an exclusive interview to The Hacker News, Nikoci said that an unpatched security loophole in Google Drive could be misued by hackers to distribute malicious files disguised as legitimate documents or images. He claims that he has already discosed the bug to Google.
The security bug is said to be the ‘manage versions’ feature offered by Google Drive that allows users to upload and manage different versions of a file. The feature allows user to see changes made to his/her files in Drive and keep track of who made those changes. You might see changes when someone: edits or comments in Google Docs, rename sa file or folder, moves or removes a file or folder, uploads a new file to a folder and shares or unshares an item.
As per Nikoci the ‘manage versions’ functionally should allow users to update an older version of a file with a new version having the same file extension, however, this is not the case. “…the affected functionally allows users to upload a new version with any file extension for any existing file on the cloud storage, even with a malicious executable,” told Nikoci to The Hacker News.