Sign In

Communications of the ACM

ACM TechNews

Dell Laptops and Computers Vulnerable to Remote Hijacks

View as: Print Mobile App Share:
A Dell desktop computer.

A vulnerability in the Dell SupportAssist utility lets attackers execute code with administrative privileges on Dell desktop and laptop computers using an older iteration of that utility.

Credit: Dell

Dell laptops and personal computers can be remotely commandeered via a vulnerability in the Dell SupportAssist utility, which lets attackers execute code with administrative privileges on devices using an older iteration.

The exploit involves enticing users onto a malicious Web page, where JavaScript code can fool Dell SupportAssist into downloading and running files from a site that hackers control.

Security researcher Bill Demirkapi said, "The attacker needs to be on the victim's network in order to perform an ARP Spoofing Attack and a DNS Spoofing Attack on the victim's machine in order to achieve remote code execution."

The hack has no need of user interaction besides tricking users to access a malicious page, while the JavaScript code can be masked within iframes on authentic sites.

Dell issued a fix for this vulnerability, yet many users will likely remain unprotected if they have not already updated Dell SupportAssist.

From ZDNet
View Full Article


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


No entries found