Synology addresses critical zero-click vulnerabilities in its NAS devices
Exploits can occur without any user interaction
$260,000 awarded for the discovery of security flaws
Synology has announced the release of critical security patches aimed at rectifying significant vulnerabilities in its network-attached storage (NAS) products, which had the potential to allow cybercriminals to take control of the devices.
The updates were detailed in two official advisories concerning security issues related to Photos for DSM and BeePhotos for BeeStation.
The vulnerabilities, showcased at the recent Pwn2Own Ireland 2024 event, could lead to remote code execution, which represents a critical risk since it permits attackers to control affected units without the need for any user involvement.
Critical vulnerabilities disclosed
Remote code execution flaws pose a particularly severe threat as they enable malicious actors to execute unauthorized commands on vulnerable devices, thus jeopardizing sensitive information.
By rectifying these vulnerabilities, Synology aims to fortify its users’ defenses against potential breaches. The updates not only hinder unauthorized remote access but also diminish the risks of ransomware attacks, data theft, and similar threats targeting NAS devices.
Given that many NAS systems contain sensitive data and are frequently connected to the internet, they become prime targets for cyberattacks. Therefore, the implementation of routine security updates is fundamental in shielding these devices from threats.
The Pwn2Own Ireland 2024 competition, coordinated by Trend Micro’s Zero Day Initiative (ZDI), recognized white-hat hackers with over $1 million for successfully demonstrating various exploits on different devices, including NAS units, cameras, and smart speakers.
Synology was among the companies whose products were deemed vulnerable, resulting in researchers earning a total of $260,000 for uncovering these critical security issues. The company’s prompt action following the event’s findings underscores its commitment to addressing security concerns swiftly.
Source: SecurityWeek
Source: www.techradar.com