NVIDIA’s GeForce Experience has received an update that resolves a security flaw, that left users vulnerable against attacks, potentially exposing their data to hackers.
THE THREAT
According to Rhino Security Lab’s blog post, the app was letting remote access to users data, making them vulnerable to threats.
This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GeForce Experience writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potential privilege escalation
Rhino Security Lab
They also said that the users could be affected by
NVIDIA’s ANSWER
NVIDIA, in its defense, said that the security flaw is affecting users with ShadowPlay, NVcontainer, or GameStream enabled, not to mention all the three could be on by default.
It is highly recommended to update to the latest version of NVIDIA GeForce Experience as soon as possible. You can do this by launching the GeForce Experience app and auto-updating to version 3.18.
Read more:
- NVIDIA GeForce RTX 2060, 2070, 2080 Pricing in India: RTX ON
- Asus Gaming Laptops with AMD Ryzen 3000 APU and NVIDIA GTX 1660 Ti Spotted
- Intel Accuses NVIDIA of Copying Self Driving Technology