Intel patches vulnerable driver update utility

The vulnerablity could allow a legitimate download to be intercepted and replaced.
The vulnerablity could allow a legitimate download to be intercepted and replaced.

Intel today issued a patch to fix a vulnerability associated with the Intel driver update utility MitM that could have been remotely exploited by a bad actor.

The vulnerability (CVE-2015-1493) was discovered by Core Security researchers in November who found that the driver, version 2.2.0.5, transmits sensitive or security critical data in a cleartext communication channel that could potentially be intercepted by an unauthorized person.

“The update request could be automatically detected by a third party on the same network and then the reply could be modified transparently, making the user download what is supposed to be a legitimate driver, but instead could be anything from malware to a remote access tool or whatever the malicious user wants,” Joaquin Rodriguez Varela, senior security researcher for Core Security told SCMagazine.com in a Tuesday email.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS