HP Inc. recently confirmed a keylogger vulnerability in laptops using the Synaptics touchpad driver. The cause: leftover debugging code forgotten before shipping, and when activated, the keylogger saves scan codes to a WPP trace. Vulnerability was discovered by researcher Michael Myng when figuring out how to control HP’s laptop keyboard backlight. Although disabled by default, this code can easily be enabled by setting a simple registry value with user admin privileges.
HP stated this vulnerability impacted more than 460 model laptops, and they have since released an update via HP and Windows Update to remove the offending code. The specific HP products are listed in the security advisory. A similar vulnerability was discovered back in May involving the audio drivers in some HP-manufactured laptops, storing user keystrokes in a world-readable plaintext file.
On December 11, the Qualys Vulnerability and Malware Research Labs issued an advisory on a memory leak (CVE-2017-1000408) and buffer overflow (CVE-2017-1000409) in the GNU C Library Dynamic Loader (ld.so). The report gives a brief analysis of the vulnerable function, and present a simple method for exploiting a SUID binary on the command line and obtaining full root privileges. The impact of these vulnerabilities are considered low.
Check out our new blog posts, plus you can follow the blog on our social media outlets.
*IP addresses provided by Recorded Future.
Want to learn about Alert Logic products in more detail? Call us direct at +1.877.484.8383, for the UK call +44 (0) 203 011 5533, or complete this form. An Alert Logic representative will contact you soon.