Slack has patched a critical remote code execution vulnerability that could enable an attacker to execute arbitrary code in the desktop version of its collaboration software, researchers report.