• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
western digital flaw allows hackers to access restricted files

Western Digital flaw allows hackers to access restricted files

You are here: Home / General Cyber Security News / Western Digital flaw allows hackers to access restricted files
March 22, 2022

Getty Photos

Western Electronic has set a bug in its computer software that allowed attackers to obtain limited documents.

The security flaw lay in EdgeRover, which is a proprietary WD file explorer app, and has an effect on each the Mac and Windows version of the application.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Equally variations of the product or service put up with from a directory traversal vulnerability. An attacker can elevate their local privileges and escape fundamental file-method sandboxing, mentioned the business in an advisory.

“These vulnerabilities when effectively exploited could direct to disclosure of delicate facts or denial-of-service,” the firm said.

Western Electronic registered the bug as CVE-2022-22988. It has a vulnerability score of 9.1 and is rated as critical.

Even though the bug could allow for entry to limited data files, an attacker would need to have to have by now compromised the equipment to exploit this bug.

The company fixed the flaw by modifying file and directory permissions, restricting the folders that files can be loaded from. Customers really should upgrade to variation 1.5.1.594 of the application on Mac and Windows equipment to deal with the issue.

EdgeRover lets people today to develop an stock and snapshots of all the documents saved on their laptop or computer and external drives. The product or service allows users research across all their files, like media that isn’t really presently connected. The lookup ability also includes previews of photos and documents.

EdgeRover has experienced from security bugs right before. In December 2021, Western Electronic documented two vulnerabilities in Mac and Windows versions of the application. The bugs, which lay in its OpenSSL library, permitted a denial of assistance attack and a remote code execution attack on the system. The company set individuals by updating its OpenSSL library.

Yet another bug in the Windows edition, set last May possibly, allowed end users to elevate privileges and load malicious information into restricted directories. That bug lay in the company’s implementation of Node.js.


Some elements of this post are sourced from:
www.itpro.co.uk

Previous Post: «new dell bios bugs affect millions of inspiron, vostro, xps, New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems
Next Post: Okta Investigates Possible Lapsus Breach Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.