- Synology patches critical vulnerabilities without clicking on NAS devices
- Attackers can exploit vulnerabilities without user interaction
- Researchers awarded $260,000 for discovering feats
Synology has recently fixed a critical security flaw in its NAS device products that could have allowed hackers to hijack victims' drives.
The company published two advisories to notify users about patched vulnerabilities in its data storage products, specifically those in Photos for DMS and BeePhotos for BeeStation.
The identified issues, showcased at the recent Pwn2Own Ireland 2024 event, enabled remote code execution, posing a serious threat as they allowed attackers to take control of affected devices without user interaction.
Critical vulnerabilities revealed
Remote code execution vulnerabilities are especially dangerous as they give attackers the ability to execute arbitrary commands on the device, putting sensitive data at risk.
By addressing these flaws, Synology has ensured that users who apply the updates can better protect their devices from potential attacks, as this not only prevents potential remote access but also reduces the likelihood of ransomware, data theft, and other types of attacks. of attacks that exploit the NAS. vulnerabilities.
Devices that store sensitive information are often connected to the Internet, so they are often susceptible to attacks. To protect against malicious actors, it is important to employ regular security patches.
Hosted by Trend Micro's Zero Day Initiative (ZDI), Pwn2Own Ireland 2024 awarded more than $1 million to white hat hackers who successfully demonstrated exploits across devices, including NAS systems, cameras and smart speakers.
Synology was one of the companies with security flaws and its products earned researchers $260,000 in total for the vulnerabilities discovered. The company responded quickly to competitor findings and addressed critical defects in its products.
Via Safety Week
