Synology fixes critical vulnerabilities and encourages users to update devices against zero-click attacks
- Synology fixes critical zero-click vulnerabilities in NAS devices
- Attackers can exploit vulnerabilities without user intervention
- $260,000 was awarded to researchers for discovering exploits
Synology recently fixed a critical security flaw in its NAS device products that allowed hackers to hijack victim units.
The company has issued two advisories to notify users of patched vulnerabilities in its data storage products, specifically those in Photos for DMS And BeePhotos for BeeStation.
The identified issues, which came to light during the recent Pwn2Own Ireland 2024 event, enabled remote code execution, which posed a serious threat as attackers could take control of affected devices without user intervention.
Critical vulnerabilities exposed
Remote code execution vulnerabilities are especially dangerous because they allow attackers to execute arbitrary commands on the device, compromising sensitive data.
By addressing these shortcomings, Synology has ensured that users who apply the updates can better protect their devices against potential attacks, as it not only prevents potential remote access, but also the chance of ransomware, data theft, and other types of attacks that affect NAS is abused, diminished. vulnerabilities.
Devices that store sensitive information are often connected to the Internet and are therefore usually susceptible to attacks. To protect yourself against malicious actors, it is important to regularly use security patches.
Pwn2Own Ireland 2024, organized by Trend Micro’s Zero Day Initiative (ZDI), awarded more than $1 million to white-hat hackers who successfully demonstrated exploits on a variety of devices, including NAS systems, cameras and smart speakers.
Synology was among the companies with security flaws, and its products earned researchers a total of $260,000 for their discovered vulnerabilities. The company responded quickly to competitors’ findings and addressed critical deficiencies in its products.
Via Security Week