Security Week 44: Major Vulnerability in GeForce Experience

NVIDIA developers have patched two major vulnerabilities in the GeForce Experience utility. The program is installed together with the video card drivers and is responsible for automatic software updates, among other functions. In versions of GeForce Experience prior to 3.20.5.70 there was a serious problem that, in theory, allows an attacker to gain full control over the system.



When the software is installed, a NodeJS-based web server is launched on the user's computer; it is responsible for communicating with the manufacturer's infrastructure and automatically loads the libraries it needs. In one case, the location from which a component is loaded is under the control of a potential attacker, who can replace it with malicious code. Vulnerability CVE-2020-5977 scored 8.2 on the CVSS scale and can lead both to denial of service and to arbitrary code execution with elevated privileges.



The second vulnerability, CVE-2020-5990, is a bug in the NVIDIA ShadowPlay system for capturing and streaming game video; it may lead to local privilege escalation and arbitrary code execution. The GeForce Experience update can be downloaded from the company's website, or you can wait for the new version to be downloaded automatically.



A similar issue was closed in GeForce Experience last year. Then, too, a researcher found a way to replace one of the system files that the utility accesses.



Such software is periodically used for mass or targeted attacks. Vulnerabilities in the programs themselves can be exploited, and in rare cases the entire chain of software delivery to the user comes under attack. The most famous case of such an attack is the ShadowHammer campaign, during which a modified utility for ASUS computers was distributed from compromised servers for some time.



What else happened:

Analysts from Nokia shared a report on the detection of malware in computer networks protected by the company's products. The experts noted a significant increase in the number of infected IoT devices: their share among all compromised devices was 32.72% (a year earlier it was 16.17%). Malware is most often caught on Windows systems. IoT devices are in second place, having pushed Android-based smartphones and gadgets down to third.



In the Linux 5.10 kernel release, the set_fs() function, which was used to control memory access checks, was removed. According to some sources, it had been present in the OS kernel since version 0.10 of 1991, when it was introduced to support systems based on 80386 processors that were outdated even at that time. In 2010 it turned out that the function could be used to overwrite data to which the user should not normally have access. A similar bug was discovered in Android-based LG smartphones in 2016.



Yandex Browser, as well as Opera and Safari, have closed a bug that allowed the contents of the address bar to be forged. Meanwhile, an error was found in Google Chrome that prevents user data from being deleted for Google's own services (such as YouTube), even when no exception has been set for them. In theory, this allows a user who does not want to give themselves away, and who has deleted all previously stored information, to be identified anyway. Google admitted the mistake and promised to fix it.



A Check Point study claims that phishing emails most often exploit Microsoft services: in 19% of cases, phishing operators craft messages to look like correspondence from that company. Second and third place go to phishing on behalf of DHL and Google, with 9% each.


