Pelican Press (Diamond Member)
Posted November 1

Security researchers found a serious zero-click bug in Synology’s Photos app

If you own a Synology NAS drive, you’ll want to update your device as soon as possible. As first reported by [hidden content], a group of Dutch security researchers recently identified a zero-click vulnerability within the Synology Photos app. For the uninitiated, such bugs allow hackers to compromise a system without a user needing to click something first. To make matters worse, the app comes pre-installed and enabled by default on Synology’s consumer line of Bee network storage devices. It’s also a popular download among those who use the company’s DiskStation systems.

[hidden content], the cybersecurity firm that discovered the vulnerability, estimates that millions of Synology users may be at risk. Although the company [hidden content] to address the bug, its NAS devices do not automatically download updates.

“It’s not trivial to find [the vulnerability] on your own, independently,” Carlo Meijer, one of the researchers, told Wired. “But it is pretty easy to figure out and connect the dots when the patch is actually released, and you reverse-engineer the patch.”

According to Midnight Blue, the zero-click is found in a part of the Synology Photos app that does not require authentication. As a result, attackers can exploit the bug directly over the internet and without needing to bypass a gateway first. They can then gain root access and install malicious code on the compromised device. At that point, there’s not much a malicious individual couldn’t do, with the firm noting it would even be possible to turn the infected device into a botnet.

The possibility a ransomware gang could target Synology devices isn’t just theoretical either. Earlier this year, DiskStation [hidden content] that they were the target of a ransomware attack.