Toshiba Updates Software Issue

Tuesday, March 3, 2015 @ 03:03 PM gHale


Toshiba updated a vulnerability in its Bluetooth Stack for Windows and Service Station that attackers can use to gain system privileges on a computer running the affected software versions.

With elevated privileges on the machine, the attacker could take control of the computer by executing malicious programs, or to alter or delete information stored on the hard disk.

RELATED STORIES
Superfish Woes More Widespread
Lenovo Stops Using Hackable Software
Piracy Investigation: Feds Seize Assets
Apple Works to Block Malware

The security flaw, which has a case number of CVE-2015-0884, is a path privilege escalation vulnerability and has a CVSS base score of 5.3, said researchers at the Computer Emergency Response Team (CERT) division at Carnegie Mellon University.

Successful exploitation requires local authentication, which makes compromising the system more difficult. Giovanni Delvecchio from SmartNet discovered the vulnerability.

Toshiba released updates for the vulnerable products and urges users to apply them immediately. The software builds mitigating the risk are 9.10.32 for Bluetooth Stack for Windows and 2.2.14 for Service Station.

In a security advisory, the company offers instructions on how a user can determine if the software version installed is vulnerable and how to apply the update.



Leave a Reply

You must be logged in to post a comment.