【】

If you own a Dell laptop or desktop then there's a very good chance your machine is vulnerable to attack simply by visiting a malicious website. The good news is, Dell has released a patch to close the security hole.
As ZDNet reports, 17-year-old security researcher Bill Demirkapi discovered a vulnerability (CVE-2019-3719) in the Dell SupportAssist utility which allows an attacker to remote execute code. This is achieved by getting a user to visit a specific website containing JavaScript code capable of tricking the SupportAssist app into downloading and running malicious files (with full admin rights). Importantly, no user interaction is required once the website has been visited and the JavaScript can be hidden inside an ad on a legitimate website.
Here's the remote code execution in action as recorded by Demirkapi:
Dell uses SupportAssist to pro-actively check the health of your hardware and software and then automatically updates each system as necessary. As you've probably guessed, it's a piece of software that gets pre-installed on most new Dell systems, meaning there's a lot of users out there potentially vulnerable to this attack.

Dell has known about the vulnerability since Oct. 26 last year and a patched version of SupportAssist (v3.2.0.90) is now available which closes the security hole. If you own a Dell which has SupportAssist installed, download and install the new version as soon as possible to protect your system.
Featured Video For You
Scientists successfully 3D-print heart from human cells
TopicsCybersecurityDell
相关文章
Donald Trump's tangled web of Russian influence
Donald Trump has had ties to Russia for decades, but they've thickened as his campaign for the White2025-04-02At long last, 'copypasta' and 'air fryer' have been added to the dictionary
As long as humans keep on human-ing, words will keep on words-ing.This week, Merriam-Webster announc2025-04-02Trans Santa organizes gift donations to trans youth
If you're able to spread some some good tidings this holiday season, Trans Santa makes it easy for y2025-04-02GoDaddy hosting service discloses customer hack
GoDaddy wants you to know that it's really sorry. The web-hosting service disclosed Monday that it w2025-04-02Richard Branson 'thought he was going to die' in bike accident
Virgin Group founder Richard Branson was recently injured in a serious bike accident while cycling o2025-04-02Tesla lawsuit alleges disturbing sexual harassment at Fremont factory
The car of the future may be born of a retrograde past. An employee at Tesla's Fremont factory is su2025-04-02
最新评论