The developers of Discord, a popular VoIP and chat platform, have fixed a critical flaw that exposed users to remote code execution attacks. Masato Kinugawa, a cybersecurity specialist and participant in multiple vulnerability programs, developed an exploit chain to show the attack process, which involves exploiting several errors.
Tracked as CVE-2020-15174, this flaw, in combination with two other vulnerabilities, allowed Kinugawa to achieve remote code execution: he bypassed security restrictions and used the XSS flaw to access a web page where an RCE payload was stored. After Kinugawa filed the report through Discord’s rewards program, the developers disabled Sketchfab embeds, completely mitigating the possibility of exploitation.