NVIDIA’s GeForce Experience has received an update that resolves a security flaw, that left users vulnerable against attacks, potentially exposing their data to hackers.
According to Rhino Security Lab’s blog post, the app was letting remote access to users data, making them vulnerable to threats.
This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GeForce Experience writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potential privilege escalationRhino Security Lab
They also said that the users could be affected by
NVIDIA, in its defense, said that the security flaw is affecting users with ShadowPlay, NVcontainer, or GameStream enabled, not to mention all the three could be on by default.
It is highly recommended to update to the latest version of NVIDIA GeForce Experience as soon as possible. You can do this by launching the GeForce Experience app and auto-updating to version 3.18.