Technology
Dell laptops and desktops vulnerable to remote attack
Disclosure
Every product here is independently selected by Mashable journalists. If you buy something featured, we may earn an affiliate commission which helps support our work.
Follow @https://twitter.com/PCMag
PCMag.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
If you own a Dell laptop or desktop then there’s a very good chance your machine is vulnerable to attack simply by visiting a malicious website. The good news is, Dell has released a patch to close the security hole.
As ZDNet reports, 17-year-old security researcher Bill Demirkapi discovered a vulnerability (CVE-2019-3719) in the Dell SupportAssist utility which allows an attacker to remote execute code. This is achieved by getting a user to visit a specific website containing JavaScript code capable of tricking the SupportAssist app into downloading and running malicious files (with full admin rights). Importantly, no user interaction is required once the website has been visited and the JavaScript can be hidden inside an ad on a legitimate website.
Here’s the remote code execution in action as recorded by Demirkapi:
Dell uses SupportAssist to pro-actively check the health of your hardware and software and then automatically updates each system as necessary. As you’ve probably guessed, it’s a piece of software that gets pre-installed on most new Dell systems, meaning there’s a lot of users out there potentially vulnerable to this attack.
Dell has known about the vulnerability since Oct. 26 last year and a patched version of SupportAssist (v3.2.0.90) is now available which closes the security hole. If you own a Dell which has SupportAssist installed, download and install the new version as soon as possible to protect your system.
This article originally published at PCMag
here
-
Business7 days ago
Google Gemini: Everything you need to know about the new generative AI platform
-
Business5 days ago
Haun Ventures is riding the bitcoin high
-
Entertainment5 days ago
Hands-on with the Claude AI app: It’s pleasant to use, but janky
-
Entertainment6 days ago
‘Bridgerton’: Everything you need to remember before Season 3
-
Entertainment3 days ago
Apple Watch Series 9 vs. SE: A smartwatch skeptic tested both for 13 days
-
Entertainment4 days ago
5 essential gadgets for turning your home into a self-care sanctuary
-
Business4 days ago
Apple: pay attention to emerging markets, not falling China sales
-
Business3 days ago
Google dubs Epic’s demands from its antitrust win ‘unnecessary’ and ‘far beyond the scope’ of the verdict