Right after Razer, SteelSeries Application Also Strike by Zero-Day Vulnerability, SteelSeries Responds (Update)

Update 8/25/2021 1:50 p.m. ET: A SteelSeries spokesperson instructed Tom’s Components that SteelSeries is “knowledgeable

Update 8/25/2021 1:50 p.m. ET: A SteelSeries spokesperson instructed Tom’s Components that SteelSeries is “knowledgeable of the concern discovered” and “proactively disabled the launch of the SteelSeries installer that is activated when a new SteelSeries unit is plugged in.”

“This right away removes the possibility for an exploit, and we are performing on a computer software update that will handle the problem forever and be unveiled shortly,” the spokesperson reported. 

Initial short article 8/25/2021 10:45 p.m. ET: 

We have lately reported new vulnerabilities found with Razer products. The Synapse application allows destructive actors to receive admin rights in the Home windows 10 working program devoid of any authentication. Right now, a new report implies that SteelSeries and its accompanying program for peripherals is also struck by the similar kind of exploit.

When protection scientists found a vulnerability in Razer software package, it seems to have opened Pandora’s box. In actuality, lots of peripheral makers like Razer and SteelSeries have been shipping computer software vulnerable to exploits that grant admin privileges to unauthorized buyers.

Lawrence Amer of 0xsp has discovered that Windows instantly downloads the accompanying software program and installs it employing admin legal rights when you plug a SteelSeries unit into the computer. You have to concur to license rights through the set up approach, and that is exactly where the exploit starts. You will find a little “Find out extra” button, leading to a website link you open up in Web Explorer. In the upper correct corner, there is a little cog that you can click for equipment. From there, you can click on File > Save and open the CMD window in admin manner from that file explorer. It really is seriously just that simple. 

See far more

Far more about, yet another stability researcher, an0n(@an0n_r0), has tested that it truly is achievable to set off the computer software download and installation of SteelSeries software package even if you never very own a SteelSeries device. He just applied his Android cellphone that mimicked the SteelSeries keyboard, all while using the USBgadget generator resource.

See much more

This is about, but it could be even worse. This exploit demands physical access, so most customers do not have to fear about it. A probable attacker would have to have an unlocked property display screen, which is not uncomplicated if the user has secured the laptop or computer with a password or any kind of authentication.

Iam Guest Posting Services
I Have 2000 sites
Status : Indexed All
Good DA : 20-60
Different Niche | Category
Drip Feed Allowed
I can instant publish

My Services :

1. I will do your orders maximum of 1x24 hours, if at the time I'm online, I will do a maximum of 1 hour and the process is
2. If any of your orders are not completed a maximum of 1x24 hours, you do not have to pay me, or free.
3. For the weekend, I usually online, that weekend when I'm not online, it means I'm working Monday.
4. For the payment, maximum payed one day after published live link.
5. Payment via PayPal account.

If you interesting, please reply

Thank You


Exit mobile version