
Researchers Find Critical ‘Zero-Click’ Vulnerability in Synology Photos App



A security researcher from Midnight Blue, a Dutch security consultancy, discovered a “zero-click” vulnerability in the Photos app that comes pre-installed with Synology NAS software.

As reported by Wired, the vulnerability was discovered at the Pwn2Own hacking contest in Ireland by security researcher Rick de Jager and exists in Synology’s Photos NAS application and BeePhotos for BeeStation software.

“The vulnerability was initially discovered, within just a few hours, as a replacement for another Pwn2Own submission. The issue was disclosed to Synology immediately after demonstration, and within 48 hours a patch was made available which resolves the vulnerability,” Midnight Blue says.

“However, since the vulnerability has a high potential for criminal abuse, and millions of devices are affected, a media reach-out was made to inform system owners of the issue and to stress the point that immediate mitigative actions are required.”

A “zero-click” vulnerability describes an exploit that does not require authentication, which allows attackers to exploit it over the internet without needing to bypass a gateway, Wired explains. Once in, an attacker could gain root access and install and execute any code on the device.

Synology was made aware of the vulnerability last week, right after the Pwn2Own hacking contest result, and quickly pushed out a fix. However, since Synology NAS devices do not automatically update themselves, owners are encouraged to update their devices immediately. The fix is available for BeePhotos for BeeStation OS 1.1 (Upgrade to 1.1.0-10053 or above), BeePhotos for BeeStation OS 1.0 (Upgrade to 1.0.2-10026 or above), Synology Photos 1.7 for DSM 7.2 (Upgrade to 1.7.0-0795 or above) and Synology Photos 1.6 for DSM 7.2 (Upgrade to 1.6.2-0720 or above).

NAS devices are a common target for attackers because they usually contain large amounts of personal data. In July 2021, Western Digital’s My Book Live NAS products suffered a major attack due to two major vulnerabilities. The problem was so severe that it allowed attackers to remotely access the devices and wipe the hard drives. Western Digital was able to patch the problem by instructing users to update their operating systems, but not all affected devices were capable of being updated. Additionally, there were issues with the updated software that caused other problems for photographers.


