Dell SupportAssist Client harboured serious vulnerabilities for a long time.
They were discovered by a 17-year-old American security researcher.
Dell issued a fix for them recently.
Make your home smarter than the average home
Make your life smarter, simpler, and more convenient with IoT enabled TVs, speakers, fans, bulbs, locks and more.
Click here to know more
Dell's SupportAssist, an inbuilt tool designed to install the right drivers and perform health checks on Dell PCs, had been harbouring a couple of security vulnerabilities since at least September last year. The discovery of the two high-severity vulnerabilities was made by Bill Demirkapi, a 17-year-old security researcher from Boston, Massachusetts when he decided to replace his aging MacBook Pro with a Dell G3 15.
Named Remote Code Execution Vulnerability (CVE-2019-3719), the first vulnerability allows an unauthenticated attacker to share the network access layer with the vulnerable system and let the attacker compromise the system by tricking a victim into downloading and executing arbitrary executables using SupportAssist from attacker hosted sites. The second vulnerability, called Improper Origin Validation (CVE-2019-3718), allows an authenticated attacker to exploit the vulnerability to attempt one-click attacks on users of affected PCs.
Demirkapi, who recounts his discovery in a blog post, apparently wrote to Dell about the vulnerabilities back in late October. Soon, Dell acknowledged the existence of the vulnerabilities and promised to roll out a fix in the first quarter of 2019. In late April, Dell released an advisory on the matter. According to Dell, SupportAssist Client version 220.127.116.11 (and later) contains resolutions to the reported vulnerabilities. What does this mean for you? If you own a Dell PC, you should update SupportAssist to this version or later as soon as possible.
A couple of months ago, WinRAR patched a 19-year-old security vulnerability in the archival tool's code after security researchers outlined its potential risks in a public blog post. The vulnerability allowed attackers to extract malicious software anywhere on the PC's hard drive. A little before that, an Indian security researcher found a security vulnerability in the Microsoft Store app on Windows 10 that could potentially affect over 400 million users.
Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.
We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.