Samsung engineers have fixed yet another serious issue in the company’s driver update utility, which, if exploited, would have allowed a malicious actor to take over a user’s device.

The issue, discovered by German security firm Blue Frost Security, affected the company’s system update tool called SW Update. This app is your standard bloatware, packed with all Samsung laptops and desktop computers, and advertised as a driver update utility.

Most PC vendors these days offer a similar utility, and almost all are as vulnerable and prone to security flaws as Samsung’s SW Update, as proven by recent research by Duo Security.

A hacker could have rewritten SW Update core DLL files

According to Blue Frost, all Samsung SW Update versions up to and including, featured an incorrect configuration of the Windows ACL (Access Control List).

An attacker aware of this issue would have been able to overwrite DLL files in the app’s installation folder. The attacker could have modified one of the three critical DLLs loaded with the app every time it starts.

By adding malicious code to these three files, an attacker would have had control over the entire device. The only condition was that the attacker had to wait for the user to reboot the computer, at which point the PC would execute the tainted DLLs.

Issue fixed in SW Update

The security firm reported the issue to Samsung engineers on April 25. The company fixed the problem on May 30 by disabling file write permissions on the affected folder: “C:\ProgramData\Samsung\SW Update Service”.
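One way to check a machine for the misconfiguration described above, as an added example that is not code from Blue Frost Security or Samsung: a PowerShell audit that lists Allow entries granting write-type rights to standard-user groups on the folder and on the DLLs inside it. The default path is the folder named in the article; the list of groups and the rights mask are this example's assumptions.

```powershell
# Added example: find ACL entries that let standard users modify a folder or its DLLs.
param(
    [string]$Path = 'C:\ProgramData\Samsung\SW Update Service'  # folder named in the article
)

# Well-known SIDs that cover non-administrative users (assumed scope of the audit).
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow replacing or tampering with a file.
$FSR = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($FSR::WriteData -bor $FSR::AppendData -bor $FSR::Delete -bor
                   $FSR::DeleteSubdirectoriesAndFiles -bor $FSR::ChangePermissions -bor
                   $FSR::TakeOwnership)
# ACEs can also carry unmapped generic bits: GENERIC_WRITE and GENERIC_ALL.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

function Get-WeakAce {
    param([string]$Item)
    $acl = Get-Acl -LiteralPath $Item
    # Ask for SIDs directly so localized or unresolvable account names do not matter.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        # Deny entries are ignored, so a finding may be narrowed by a Deny ACE; review by hand.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $lowPriv.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Item      = $Item
            Principal = $lowPriv[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) { Write-Output "Not found: $Path"; return }

# Check the folder itself plus every DLL beneath it.
$targets = @($Path) + @(Get-ChildItem -LiteralPath $Path -Filter *.dll -File -Recurse |
                        Select-Object -ExpandProperty FullName)
$findings = @($targets | ForEach-Object { Get-WeakAce -Item $_ })
if ($findings.Count) { $findings | Format-Table -AutoSize }
else { Write-Output "No write access for standard users on $Path" }
```

Any row in the output means a non-administrator can alter that item; an empty result on the folder and its DLLs is what the fix described above should produce.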

Users should upgrade their SW Update app to version, either using the built-in updater or by grabbing a fresh copy off Samsung’s site.

Last March, Samsung fixed another severe vulnerability in the SW Update tool after experts from Core Security reported that the app used an insecure driver download and update mechanism via HTTP.

Blue Frost Security previously discovered an issue in the FireEye antivirus that allowed crooks to whitelist malware.

Samsung SW Update tool
