![]() ![]() Is ASUS Live Update 3.4.3 open to the same vulnerability recorded in the Github article above?.I've seen accounts posting on this sub that appear to belong to ASUS support personnel ( Asus_USA), so I'd like to ask for an explanation of what I saw last night. ![]() Thankfully, I had set Live Update to inform me when new updates were available but not to download and install them. I found this article on GitHub, which explains that an earlier version of Live Update can easily be tricked into downloading and executing code from any source: This seemed very suspicious, so I immediately uninstalled Live Update and Googled for vulnerabilities associated with the app. I checked its details in Live Update's interface and noticed that 1) there was no name given for the update in the interface's "Name" field, and 2) the update's "release date" entry was March 2015. Last night, Asus Live Update reported that a new "Critical" update was available. During initial set up I removed a lot of the OEM software it came pre-installed with, but I left ASUS Live Update (v3.4.3) alone, as it seemed to have a role in delivering BIOS updates. I purchased an ASUS ROG GL553VE back in July. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |