NVIDIA updates GeForce Experience to remove security flaw

NVIDIA’s GeForce Experience has received an update that resolves a security flaw, that left users vulnerable against attacks, potentially exposing their data to hackers.

GeForce Experience

THE THREAT

According to Rhino Security Lab’s blog post, the app was letting remote access to users data, making them vulnerable to threats.

This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GeForce Experience writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potential privilege escalation

Rhino Security Lab

They also said that the users could be affected by total denial of service or full privilege escalation, giving attackers full control over their target’s data. This is a big issue as all computers with NVIDIA graphics are preloaded with this app.

NVIDIA’s ANSWER

- Advertisement -

NVIDIA, in its defense, said that the security flaw is affecting users with ShadowPlay, NVcontainer, or GameStream enabled, not to mention all the three could be on by default.

It is highly recommended to update to the latest version of NVIDIA GeForce Experience as soon as possible. You can do this by launching the GeForce Experience app and auto-updating to version 3.18.

Read more:

- Advertisement -

Follow us on Instagram & Facebook to keep you updated. You can now download our new Android app. Please fill this survey to serve you better.

- Advertisement -
Areej
I love computer hardware and RPGs, and those two things are what drove me to start TechQuila. Other than that most of my time goes into reading psychology, writing (and reading) dark poetry and playing games.

Leave a Reply

Related posts

Advertisment

Latest posts

Cows As A Source Of Antibodies For Coronavirus

A BioTech company is using cows to produce antibodies that are produced in humans to fight against SARS-CoV-2.

Here’s Why Zoom Doesn’t Provide E2E Encryption to their Free Users

Zoom's free users will not get E2E encryption because criminals might use their free services for potentially illegal activities.

CarryMinati Releases Yalgaar; Gives Reply to his Trolls

CarryMinati, aka Ajey Nagar, gives befitting reply to YouTube, YouTubers and the TikTok community with his new rap song Yalgaar.

Next Article Loading

Follow us on Instagram & Facebook to keep you updated. You can now download our new Android app. Please fill this survey to serve you better.