Parity Technologies said that the vulnerabilities found by Cisco Systems Inc. have been fixed in new versions of the Ethereum client software.
Please read our full statement. pic.twitter.com/1NBgIqPi9q
— Parity Technologies (@ParityTech) January 11, 2018
According to the developers' statement, the JSON-RPC interface, which supports cross-origin requests, could indeed give attackers public information about an account, which they could use to build an application that creates "undesirable transactions" and presents them to the user for signing.
However, the company emphasizes that any such leak could not include confidential information such as private keys. All problems associated with the JSON-RPC interface have been fixed in the latest Parity software updates.
In addition, the developers have changed the default settings for cross-origin requests in order to avoid information leakage. Users must now manually add trusted domains to a whitelist before Parity software will interact with them.
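The default-deny whitelist described above can be sketched as follows. This is an added example, not Parity's code: the function names and the sample origin `https://wallet.example` are assumptions made for illustration. An origin that is not on the list gets no `Access-Control-Allow-Origin` header, so the browser will not let a page from that origin read the JSON-RPC response.

```javascript
// Added example: default-deny CORS decision for a local JSON-RPC endpoint.
// All names here are hypothetical; this is not Parity's implementation.

// Normalize an origin to scheme://host[:port]. Returns null for anything
// that is not a plain http(s) origin, including the literal "null" origin.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch (_) {
    return null; // also rejects the wildcard "*"
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // An Origin header carries no path, query, fragment or credentials.
  if (url.pathname !== "/" || url.search || url.hash) return null;
  if (url.username || url.password) return null;
  return url.origin; // host lowercased, default port dropped
}

// Build the whitelist from entries the user added by hand.
function buildAllowlist(entries) {
  const allowed = new Set();
  for (const entry of entries) {
    const origin = normalizeOrigin(entry);
    if (origin === null) throw new Error(`not a valid origin: ${entry}`);
    allowed.add(origin);
  }
  return allowed;
}

// Decide the CORS response headers for one request.
function corsHeaders(requestOrigin, allowlist) {
  const headers = { Vary: "Origin" }; // responses differ per origin
  const origin = normalizeOrigin(requestOrigin);
  // Exact match only: substring or suffix checks would accept look-alikes.
  if (origin !== null && allowlist.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}

// Constructed sample configuration.
const DEFAULT_ALLOWLIST = buildAllowlist([]); // nothing allowed by default
const USER_ALLOWLIST = buildAllowlist(["https://wallet.example"]);
```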