Dells SupportAssist app had serious security flaws, reveals 17-year-old

SHARE:

Twitter Facebook Google Pinterest
0 0 Sunday 5 May 2019 Edit this post

Dell's SupportAssist, an inbuilt tool designed to install the right drivers and perform health checks on Dell PCs, had been harbouring a...

Dell's SupportAssist, an inbuilt tool designed to install the right drivers and perform health checks on Dell PCs, had been harbouring a couple of security vulnerabilities since at least September last year. The discovery of the two high-severity vulnerabilities was made by Bill Demirkapi, a 17-year-old security researcher from Boston, Massachusetts when he decided to replace his aging MacBook Pro with a Dell G3 15.

Named Remote Code Execution Vulnerability (CVE-2019-3719), the first vulnerability allows an unauthenticated attacker to share the network access layer with the vulnerable system and let the attacker compromise the system by tricking a victim into downloading and executing arbitrary executables using SupportAssist from attacker hosted sites. The second vulnerability, called Improper Origin Validation (CVE-2019-3718), allows an authenticated attacker to exploit the vulnerability to attempt one-click attacks on users of affected PCs.

Demirkapi, who recounts his discovery in a blog post, apparently wrote to Dell about the vulnerabilities back in late October. Soon, Dell acknowledged the existence of the vulnerabilities and promised to roll out a fix in the first quarter of 2019. In late April, Dell released an advisory on the matter. According to Dell, SupportAssist Client version 3.2.0.90 (and later) contains resolutions to the reported vulnerabilities. What does this mean for you? If you own a Dell PC, you should update SupportAssist to this version or later as soon as possible.

A couple of months ago, WinRAR patched a 19-year-old security vulnerability in the archival tool's code after security researchers outlined its potential risks in a public blog post. The vulnerability allowed attackers to extract malicious software anywhere on the PC's hard drive. A little before that, an Indian security researcher found a security vulnerability in the Microsoft Store app on Windows 10 that could potentially affect over 400 million users.



from Latest Technology News http://bit.ly/2WogaFl

SHARE:

Twitter Facebook Google Pinterest

COMMENTS

BLOGGER
Name

7,1,Airtel,1,Andriod,1,Android,4,Android Q,1,apex,1,Apple,7,Apps,1,Asus Rog,1,Black Shark 2,2,Boeing 737 MAX,1,Bsnl,2,camera,2,CPU,3,Donald Trump,1,Earphone,1,Facebook,5,Fan,1,Fitbit,1,foldable Phone,2,Fortnite,1,Galaxy A40,1,Galaxy s10,1,Galaxy s10e,1,Games,10,gaming,1,Google,6,Google Pixel 2,1,Honor 10i,1,Huawe,1,Huawei,6,Huawei GT,1,IBM,1,Instagram,2,Internet,2,ios,2,iPad,2,iphone,2,Israel,1,jiomart,1,Laptop,1,Leica Q2,1,M20,1,mac,1,MacOS,1,Mi 9,1,Mi A2,1,Mi LED TV,1,MicroSoft,3,mobile,1,Moon,2,Mozilla,1,Nasa,2,News,1,Nokia,4,Nokia 62,1,Nvidias,1,OnePlus,4,Oppo,5,P30,3,Pixel,1,Poco F1,1,Pubg,12,Qualcomm,2,Redmi 3,1,Redmi 6 Pro,1,Redmi 7,1,Redmi Note 7,1,reliance,1,Reno,1,samsung,11,Skype,1,SmartPhone,56,Social,5,Spotify,1,Tech,35,Telecom,3,Touchpad,1,Tournament,1,TV,1,Twitter,1,Vivo,2,Watch,2,WhatsApp,1,Xbox,1,Xiaomi,16,y9li,1,
ltr
item
Genius Baba: Dells SupportAssist app had serious security flaws, reveals 17-year-old
Dells SupportAssist app had serious security flaws, reveals 17-year-old
http://feeds.feedburner.com/~r/digit/latest-news/~4/duyJtz4p0KY
Genius Baba
https://geniusbabaa.blogspot.com/2019/05/dells-supportassist-app-had-serious.html
https://geniusbabaa.blogspot.com/
https://geniusbabaa.blogspot.com/
https://geniusbabaa.blogspot.com/2019/05/dells-supportassist-app-had-serious.html
true
7104319406113350277
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy