|
|
[br]
[br][br]If you own a recently launched Dell-made Windows laptop, there's a good chance that your system is vulnerable to a remote hijack.[br][br]Yes, a 17-year-old security researcher has found that a program pre-installed in these laptops hosts a vulnerability that can be exploited remotely to breach your security.[br][br]Here's more about the bug and the way to fix it.[br][br]Issue[br][br]Dell's SupportAssist had a bug since October[br][br]The researcher, Bill Demirkapi, analyzed Dell's 'SupportAssist' program and found the bug in it.[br][br]The tool comes with administrator-level Windows access and automatically updates drivers, adjusts settings, and cleans used files.[br][br]However, Demirkapi found that a malicious third party can hijack the updates pushed by the program and use them to install malware on a targeted computer.[br][br]Scale[br][br]Issue affecting Dell laptop at least since October[br][br]It's not exactly clear how many PCs are affected by the issue but Demirkapi says he unearthed it after replacing his MacBook Pro with a Dell G3 laptop in October.[br][br]He has released a detailed write-up explaining the issue and its possible exploit but noted that the attack could be carried only when the victim visits a malicious website set up by an attacker.[br][br]
[br][br]Both parties have to be on the same network[br][br]Additionally, in order for the attack to work, both parties, the attacker and the victim, have to be on the same network. Now, this could be any public Wi-Fi network, be it at your nearest Starbucks or the one in your school/college.[br][br]Fix[br][br]How can you fix this issue[br][br]If you have a new Dell laptop with SupportAssist, there are two ways to close this loophole - update or uninstall.[br][br]Dell had released a fix for the issue earlier this year, which means updating the tool to version 3.2.0.90 or newer should close the vulnerability.[br][br]Alternatively, you can also remove the tool from your PC altogether to be on the safer side.[br][br]No comment from Dell yet[br][br]So far, Dell has neither commented on the matter nor explained if the bug has been exploited by anybody. Hopefully, more details will be revealed by the company.[br][br]Previous Case [br][br]Similar kind of vulnerability compromised ASUS laptops[br][br]The issue affecting Dell notebooks comes just a month after a similar kind of bug was used to compromise several ASUS laptops.[br][br]Security research company Kaspersky Lab had revealed that the Taiwanese giant's live software updater was compromised to spread malware on several PCs.[br][br]The issue affected hundreds of computers but has now been fixed by the company.[br][br]Keep Using and Enjoying Infinix.[br][br]Source: newsbytes. |
|
发表于 2019-05-04 20:15:12
收藏
Like
Stick Card
Jack
楼主