Skip to main content

Google’s Project Zero Discloses Logitech Vulnerability

By December 19, 2018November 16th, 2022No Comments

Logitech’s Logic Called Into Question

On December 11, Google’s Project Zero disclosed a vulnerability in Logitech’s Options application. It seems that the application opened a port (10134) to simplify client-server communication.

However, this also means that authentication steps would be skipped, creating possible security risks.

The researcher who discovered the vulnerability, Tavis Ormandy, suggests that an attacker could execute a keystroke injection and take control of a Windows PC running Logitech’s Options application.

Just two days after the public disclosure, Logitech released an update (version 7.00.564 for Windows, 7.00.554 for Mac). This update seems to have satisfied Ormandy’s concerns.

Companies need to sweep their network for the Logitech Options application and confirm the current version is deployed.

Is there an easier way to manage?

Use Syxsense to detect and then remediate critical updates. While you could run a comprehensive scan of all devices on a network, you can also run a targeted scan seeking a specific software. Easily see which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that need the update.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo