休閑

【】

字号+作者:囫圇吞棗網来源:時尚2024-11-22 05:21:03我要评论(0)

If you own a Dell laptop or desktop then there's a very good chance your machine is vulnerable to at

If you own a Dell laptop or desktop then there's a very good chance your machine is vulnerable to attack simply by visiting a malicious website. The good news is, Dell has released a patch to close the security hole.

As ZDNet reports, 17-year-old security researcher Bill Demirkapi discovered a vulnerability (CVE-2019-3719) in the Dell SupportAssist utility which allows an attacker to remote execute code. This is achieved by getting a user to visit a specific website containing JavaScript code capable of tricking the SupportAssist app into downloading and running malicious files (with full admin rights). Importantly, no user interaction is required once the website has been visited and the JavaScript can be hidden inside an ad on a legitimate website.

Here's the remote code execution in action as recorded by Demirkapi:

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

Dell uses SupportAssist to pro-actively check the health of your hardware and software and then automatically updates each system as necessary. As you've probably guessed, it's a piece of software that gets pre-installed on most new Dell systems, meaning there's a lot of users out there potentially vulnerable to this attack.

Mashable Games

Dell has known about the vulnerability since Oct. 26 last year and a patched version of SupportAssist (v3.2.0.90) is now available which closes the security hole. If you own a Dell which has SupportAssist installed, download and install the new version as soon as possible to protect your system.


Featured Video For You
Scientists successfully 3D-print heart from human cells

TopicsCybersecurityDell

1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。

相关文章
  • Daughter gives her 100

    Daughter gives her 100

    2024-11-22 04:58

  • Trump's Truth Social app has not been approved by Google's Play store yet

    Trump's Truth Social app has not been approved by Google's Play store yet

    2024-11-22 04:14

  • Parental controls are such a scam

    Parental controls are such a scam

    2024-11-22 03:05

  • How to remove yourself from group texts on iOS and Android

    How to remove yourself from group texts on iOS and Android

    2024-11-22 02:37

网友点评