Lately, three well-known players in the computer industry are in trouble over vulnerabilities discovered in their Windows OS applications by SafeBreach.
The trio composed of Intel, ASUS & Acer have these applications pre-installed and so leave all users vulnerable, not just selective ones who would have downloaded these as in the case of normally found software.
Acer
Firstly, Acer’s Quick Access program was found to be vulnerable to DLL hijacking through which attackers could obtain system rights allowing them to run malicious files.
See: New Linux vulnerability puts VPN connections at risk of hijacking
Caused due to a lack of digital certificate validation and an uncontrollable search part; this would be a move away from the traditional way of tricking the user to run such files. In this case, the attacker could just do it themselves making the process easier.
Furthermore, the attacker could also operate as NT AUTHORITY/ SYSTEM, the most powerful account privilege wise in Windows. Currently, the bug has infected versions 2.01.3000 to 2.01.3027 and 3.00.3000 to 3.00.3008 of the Quick Access app.
On the other hand, versions 2.01.3028 and 3.00.3009 have been patched. If you’re an Acer user, it is recommended that you check your app’s version through the “Uninstall programs” feature and proceed accordingly.
Intel
Coming to Intel, the most well known of the three thanks to its processors, its system hijacking flaws found installed software
