Samsung engineers have fixed yet another serious issue in the company’s driver update utility, which, if exploited, would have allowed a malicious actor to take over a user’s device.
The issue, discovered by German security firm Blue Frost Security, affected the company’s system update tool called SW Update. This app is your standard bloatware, packed with all Samsung laptops and desktop computers, and advertised as a driver update utility.
Most PC vendors these days offer a similar utility, and almost all are as vulnerable and prone to security flaws as Samsung’s SW Update, as proven by recent.
A hacker could have rewritten SW Update core DLL files
According to, all Samsung SW Update versions up to and including 22.214.171.124 featured an incorrect configuration of the Windows ACL (Access Control List).
An attacker aware of this issue would have been able to overwrite DLL files in the app’s installation folder. The attacker could have modified one of the three critical DLLs loaded with the app every time it starts.
By adding malicious code to these three files, an attacker would have had control over the entire device. The only condition was that the attacker had to wait for the user to reboot the computer, at which point the PC would execute the tainted DLLs.
Issue fixed in SW Update 126.96.36.199
The security firm reported the issue to Samsung engineers on April 25. The company fixed the problem on May 30 by disabling file write permissions on the affected folder: “C:\ProgramData\Samsung\SW Update Service”.
Users should upgrade their SW Update app to version 188.8.131.52, either using the built-in updater or by grabbing a fresh copy off.
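To confirm that the folder is no longer writable by ordinary users after the update, the following check can be run. It is an example added here, not code from Samsung or Blue Frost Security. The function name `Get-WritableAce` and the list of SIDs treated as low-privileged are assumptions.

```powershell
# Added example: list ACEs that let broad, non-administrative groups write into a folder.
function Get-WritableAce {
    param(
        # Folder named in the article; pass another path to audit a different install.
        [string]$Path = 'C:\ProgramData\Samsung\SW Update Service'
    )
    if (-not (Test-Path -LiteralPath $Path)) { return }

    # Assumption: these well-known SIDs stand for "any ordinary user" here.
    $lowPrivSids = @(
        'S-1-1-0',       # Everyone
        'S-1-5-11',      # Authenticated Users
        'S-1-5-32-545',  # BUILTIN\Users
        'S-1-5-4'        # INTERACTIVE
    )

    # Rights that allow creating, replacing or re-permissioning files.
    $r = [System.Security.AccessControl.FileSystemRights]
    $writeMask = [int]($r::WriteData -bor $r::AppendData -bor $r::Delete -bor
        $r::DeleteSubdirectoriesAndFiles -bor $r::ChangePermissions -bor
        $r::TakeOwnership) -bor 0x50000000   # plus GENERIC_WRITE and GENERIC_ALL

    # Check the folder itself and the DLLs directly inside it.
    $targets = @($Path) + @(Get-ChildItem -LiteralPath $Path -Filter *.dll -File |
        ForEach-Object { $_.FullName })

    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($t in $targets) {
        $acl = Get-Acl -LiteralPath $t
        # Include explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and
                $lowPrivSids -contains $sid -and
                ([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
                [pscustomobject]@{
                    Path      = $t
                    Sid       = $sid
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}
```

Calling `Get-WritableAce` with no arguments returns nothing when the folder and its DLLs are locked down; any row returned is a write-capable grant to a non-administrative group that should be removed.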
Last March, Samsung fixedin the SW Update tool after experts from Core Security reported that the app used an insecure driver download and update mechanism via HTTP.
Blue Frost Security previously discovered an issue in the FireEye antivirus that allowed crooks to.