Communications of the ACM
Dell Laptops and Computers Vulnerable to Remote Hijacks
A vulnerability in the Dell SupportAssist utility lets attackers execute code with administrative privileges on Dell desktop and laptop computers using an older iteration of that utility.
Credit: Dell
Dell laptops and personal computers can be remotely commandeered via a vulnerability in the Dell SupportAssist utility, which lets attackers execute code with administrative privileges on devices using an older iteration.
The exploit involves enticing users onto a malicious Web page, where JavaScript code can fool Dell SupportAssist into downloading and running files from a site that hackers control.
Security researcher Bill Demirkapi said, "The attacker needs to be on the victim's network in order to perform an ARP Spoofing Attack and a DNS Spoofing Attack on the victim's machine in order to achieve remote code execution."
The hack has no need of user interaction besides tricking users to access a malicious page, while the JavaScript code can be masked within iframes on authentic sites.
Dell issued a fix for this vulnerability, yet many users will likely remain unprotected if they have not already updated Dell SupportAssist.
From ZDNet
View Full Article
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA
No entries found