Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks

by

## Synology Patches Critical Zero-Click Vulnerabilities in NAS Devices

Synology recently addressed a critical security flaw in its Network Attached Storage (NAS) devices that could have allowed hackers to compromise user systems remotely. These vulnerabilities, highlighted at the recent Pwn2Own Ireland 2024 cybersecurity event, posed a serious threat as they allowed for remote code execution without requiring user interaction – a characteristic known as a “zero-click” vulnerability.

**What Were the Vulnerabilities?**

Two advisories were issued by Synology to inform users about the patched vulnerabilities, specifically affecting **Photos for DMS** and **BeePhotos for BeeStation**. These vulnerabilities allowed attackers to execute arbitrary commands on affected devices, putting sensitive data stored on the NAS at risk. These vulnerabilities could have potentially enabled:

* **Complete device takeover** by malicious actors.
* **Ransomware infections**, encrypting user data and demanding payment for its release.

* **Data theft**, compromising sensitive information stored on the NAS.

**Addressing the Threat: Patching is Crucial**

By releasing these patches, Synology has significantly mitigated the risk to its users.

* Applying these updates is crucial to protect your NAS device and data from potential attacks.
* Regular software updates are essential for maintaining the security of any internet-connected device.

**Rewarding Responsible Disclosure**

The vulnerabilities were discovered by security researchers who successfully demonstrated exploits at Pwn2Own Ireland 2024. This competition, organized by Trend Micro’s Zero Day Initiative (ZDI), awarded over $1 million to white-hat hackers showcasing exploits across various devices, including NAS systems, cameras, and smart speakers. Synology was one of the companies whose products were targeted, with researchers earning a total of $260,000 for their findings.

Synology’s swift response in addressing these critical flaws highlights the importance of responsible vulnerability disclosure and the collaborative efforts within the cybersecurity community.

**Protect Your Data: Update Now**

Ensure the safety of your data by immediately updating your Synology NAS device to the latest firmware version. You can find detailed information about the vulnerabilities and the necessary patches on the official Synology security advisory page:

Synology Security Advisory SA-24-19

The post Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks appeared first on Archynewsy.

Source link

Related posts:

  1. Intranasal Administration of the Combination of Dextro-Ketamine and De
  2. Reviravolta científica: primeiros dinossauros podem ter surgido na Amazônia
  3. Apple Targets Glare and Battery Life in a Pair of New MacBook Pro Ads – Branding in Asia
  4. Memorial Day Language Deals 2024 | Learn a New Language

Leave a Comment