Security News Project Zero finds vulnerability in Logitech Options software

G

Genux

Thread author
Tavis Ormandy of Google's Project Zero discovered a serious authentication vulnerability in Logitech's Options application, but the peripheral device maker has yet to address the flaw.

The Logitech Options app, which configures the company's mice and keyboards in Windows, relies on an ineffective authentication mechanism that enables malicious webpages to execute code on a victim's machine.

Tavis Ormandy, vulnerability researcher with Google's Project Zero, found the flaw in the Logitech Options app when he tried to rebind a button on his Logitech mouse. He published details about the critical vulnerability when Logitech took more than 90 days to address the issue.

Ormandy contacted Logitech and met with Logitech engineers in September.

"They assured me they understood the issues and were planning to add origin checks and type checking," Ormandy wrote on the Project Zero bug tracker.

However, it seems the Logitech developers didn't resolve the issue: Ormandy tested the latest version, released on Oct. 1, and none of the issues he had reported were fixed.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top