Home » News » Apps » Dell’s SupportAssist app had serious security flaws, reveals 17-year-old

Dell’s SupportAssist app had serious security flaws, reveals 17-year-old

By Vignesh Giridharan | Updated on 03-Jun-2020
Dell’s SupportAssist app had serious security flaws, reveals 17-year-old
Vignesh Giridharan Vignesh Giridharan
05 May 2019 11:38
HIGHLIGHTS

Dell SupportAssist Client harboured serious vulnerabilities for a long time.

They were discovered by a 17-year-old American security researcher.

Dell issued a fix for them recently.

Dell's SupportAssist, an inbuilt tool designed to install the right drivers and perform health checks on Dell PCs, had been harbouring a couple of security vulnerabilities since at least September last year. The discovery of the two high-severity vulnerabilities was made by Bill Demirkapi, a 17-year-old security researcher from Boston, Massachusetts when he decided to replace his aging MacBook Pro with a Dell G3 15.

Named Remote Code Execution Vulnerability (CVE-2019-3719), the first vulnerability allows an unauthenticated attacker to share the network access layer with the vulnerable system and let the attacker compromise the system by tricking a victim into downloading and executing arbitrary executables using SupportAssist from attacker hosted sites. The second vulnerability, called Improper Origin Validation (CVE-2019-3718), allows an authenticated attacker to exploit the vulnerability to attempt one-click attacks on users of affected PCs.

Demirkapi, who recounts his discovery in a blog post, apparently wrote to Dell about the vulnerabilities back in late October. Soon, Dell acknowledged the existence of the vulnerabilities and promised to roll out a fix in the first quarter of 2019. In late April, Dell released an advisory on the matter. According to Dell, SupportAssist Client version 3.2.0.90 (and later) contains resolutions to the reported vulnerabilities. What does this mean for you? If you own a Dell PC, you should update SupportAssist to this version or later as soon as possible.

A couple of months ago, WinRAR patched a 19-year-old security vulnerability in the archival tool's code after security researchers outlined its potential risks in a public blog post. The vulnerability allowed attackers to extract malicious software anywhere on the PC's hard drive. A little before that, an Indian security researcher found a security vulnerability in the Microsoft Store app on Windows 10 that could potentially affect over 400 million users.

Vignesh Giridharan

Vignesh Giridharan

Progressively identifies more with the term ‘legacy device’ as time marches on. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo