Huawei has belatedly fixed a mild vulnerability in a USB connectivity dongle spotted by Trustwave after The Register intervened.
The LTE USB Stick E3372 device contains a SIM card. Inserting it into a laptop gives you LTE connectivity – handy for working on the move or in a location without Wi-Fi or Ethernet available.
Yet when infosec firm Trustwave’s Spiderlabs division took a closer look at the stick last year, its researchers found a security blunder that affects macOS users: the USB stick acts as a storage drive that includes software to install to manage the dongle. This software creates a root-owned script file on the file system that can be overwritten by any user. That can be used by rogue accounts, or malware on the machine, to fully compromise the Mac. And that script file is supposed to run every time the dongle is plug ..
Support the originator by clicking the read the rest link below.
