Sometimes a big security flaw crops up in the software that ships with new computers, and that’s the situation Dell finds itself in. More importantly, so do its users after it came to light that a version of Dell’s SupportAssist software has been vulnerable since at least October of last year.
The app normally claims to be “the industry’s first automated proactive and predictive support technology,” but right now, its claim to fame is being a security hole that’s installed on “most of all new Dell devices running Windows.” According to 17-year-old security researcher Bill Demirkapi, it’s been a security issue for at least six months. There’s good news in that it was only an issue if someone on a local network was able to try and take advantage of it, but that’s cold comfort for those with machines that are at risk.
Right now, there are a couple of different options that owners of Dell computers running the SupportAssist software can take. The first is to fully uninstall it, which we might be tempted to do given how much we doubt its purpose, and the other is to update to SupportAssist v220.127.116.11 or later. Dell has a support page available with details on the vulnerability, as well as a link to the updated version of SupportAssist, for those who want it.
Dell SupportAssist Client versions prior to 18.104.22.168 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.
Dell SupportAssist Client versions prior to 22.214.171.124 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.
This isn’t the first time that an OEM has shipped software on new computers that then turned out to be a gaping security hole, and unfortunately, we doubt it will be the last.
You may also like to check out:
- Download iOS 12.2 Final IPSW Links And OTA Update For iPhone And iPad
- Download: iOS 12.3 Beta 4 IPSW Links, OTA Update Out Now For iPhone And iPad
- iOS 12 / 12.1.2 iPhone XS Max Jailbreak Update Provided By Unc0ver Lead Developer
- iOS 12.2 Jailbreak Status: Here’s What You Need To Know
- Jailbreak iOS 12 / 12.1.2 / 12.1.2 Beta 3 With Unc0ver And Install Cydia, Here’s How [Tutorial]
- How To Downgrade iOS 12.2 To iOS 12.1.4 On iPhone Or iPad