Taipei, November 5 — A zero-click flaw, RISK, threatens millions of Synology NAS devices. Users must patch immediately to avoid potential exploitation and data loss.
Synology, the Taiwanese network-attached storage (NAS) giant, has called for immediate action after disclosing a critical zero-click vulnerability, CVE-2024-10443, that affects millions of its devices.
Dubbed RISK, this flaw was showcased at Pwn2Own Ireland 2024 by security expert Rick de Jager and could allow attackers root-level remote code execution on affected Synology DiskStation and BeeStation devices without any user interaction. Synology confirmed the urgency of patching to prevent exploitation of this zero-click vulnerability, stating:
We prioritize the security of our users and strongly urge immediate updates to mitigate any potential risk.
The impacted devices include versions of BeePhotos for BeeStation OS and Synology Photos for DSM 7.2. Midnight Blue, the cybersecurity firm that identified the flaw, emphasized the scale of exposure, noting that between one and two million devices remain connected to the internet and vulnerable.
Cybersecurity analysts express concern over the potential for data theft and malware implantation. Synology urged users to update to the latest versions, highlighting the risk of ransomware attacks that have historically targeted NAS devices.
This type of zero-click flaw is particularly alarming due to its silent nature, allowing attackers to infiltrate systems with no user interaction.
While technical specifics have been withheld to grant users time to secure their systems, Synology continues to stress the importance of these patches. With ransomware groups constantly seeking high-value targets, swift user action is essential.
Other News At VPNRanks
- Santander and HSBC Join Authorities in Raising Alarm Over QR Code-Based Cyberattacks
- Chinese Hackers Exploit Telecom Flaws, Target VIP Devices
- Massive Data Breach at SelectBlinds—206,000 customers at Risk
- Google’s Project Jarvis: The AI That Can Take Over Your Browser
Hey, wait!
Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life!
