ALL-INKL.COM - Webhosting Server Hosting Domain Provider

Logitech Options vulnerable!

Logitech’s Options Software is the key component to
customize the behavior of your input devices from them.
However an exploit has been discovered by the Google
Project Zero team. All users should update immediately!

If you haven’t done so already, download he newest version that adresses the problem, here: https://www.logitech.com/en-us/product/options

If you don’t update, then chances are high that your computer may be hacked in no time:

Attackers could exploit this issue by sending simulated keystrokes from any website and thus execute pretty much anything on affected systems.

Ormandy discovered the issue when he installed the software to configure the buttons of his mouse on Windows. The 150 MB large application automatically starts when Windows starts and then also opens the vulnerable port on which a websockets service runs. Websites can communicate directly with the websockets service and because there is no authentication, it will accept any command it receives. Even worse, the software also doesn’t check where the commands originate from, which means it will accept any commands from any website.

Only one small security measure could stop a possible attack but is easily bypassed, as Ormandy explains, “the only “authentication” is that you have to provide a pid [process ID] of a process owned by your user, but you get unlimited guesses so you can brute force it in microseconds.”


December 17, 2018 Netspark - 1465 posts - Member since: May 9th, 2011 No Comments »

RATING :
Rockbottom!Very badBadAverageGoodVery goodAwesome! (1 votes, average: 7.00 out of 7)
Loading...
FILED UNDER :Computer , News , Technology , Thoughts
TAGGED WITH : , , , , ,

Leave a comment