NVIDIA’s GeForce Experience has received an update that resolves a security flaw, that left users vulnerable against attacks, potentially exposing their data to hackers.

GeForce Experience

THE THREAT

According to Rhino Security Lab’s blog post, the app was letting remote access to users data, making them vulnerable to threats.

This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GeForce Experience writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potential privilege escalation

Rhino Security Lab

They also said that the users could be affected by total denial of service or full privilege escalation, giving attackers full control over their target’s data. This is a big issue as all computers with NVIDIA graphics are preloaded with this app.

NVIDIA’s ANSWER

NVIDIA, in its defense, said that the security flaw is affecting users with ShadowPlay, NVcontainer, or GameStream enabled, not to mention all the three could be on by default.

It is highly recommended to update to the latest version of NVIDIA GeForce Experience as soon as possible. You can do this by launching the GeForce Experience app and auto-updating to version 3.18.

Read more:

Leave a Reply