Google’s Project Zero Discloses Logitech Vulnerability

Logitech’s Logic Called Into Question

On December 11, Google’s Project Zero disclosed a vulnerability in Logitech’s Options application. It seems that the application opened a port (10134) to simplify client-server communication.

However, this also means that authentication steps would be skipped, creating possible security risks.The researcher who discovered the vulnerability, Tavis Ormandy, suggests that an attacker could execute a keystroke injection and take control of a Windows PC running Logitech’s Options application.

Just two days after the public disclosure, Logitech released an update (version 7.00.564 for Windows, 7.00.554 for Mac). This update seems to have satisfied Ormandy’s concerns.

Companies need to sweep their network for the Logitech Options application and confirm the current version is deployed.

Is there an easier way to manage?

Use Syxsense to detect and then remediate critical updates. While you could run a comprehensive scan of all devices on a network, you can also run a targeted scan seeking a specific software. Easily see which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that need the update.

Recent Posts

Topics

Related Posts

In the News: Brute-force attacks surge worldwide, warns Cisco Talos

In the News: Brute-force attacks surge worldwide, warns Cisco Talos

April 17, 2024
In the News: Why 92% of Security Professionals Worry About Generative AI

In the News: Why 92% of Security Professionals Worry About Generative AI

April 16, 2024
In the News: Let’s Celebrate World Backup Day 2024 – Hear From Industry Experts

In the News: Let’s Celebrate World Backup Day 2024 – Hear From Industry Experts

March 29, 2024
In the News: Navigating the new landscape: Understanding and implementing NIST CSF 2.0

In the News: Navigating the new landscape: Understanding and implementing NIST CSF 2.0

March 27, 2024