Security News > 2021 > July > Another 0-Day Looms for Many Western Digital Users

There is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can't or won't upgrade to the latest operating system.

At issue is a remote code execution flaw residing in all Western Digital network attached storage devices running MyCloud OS 3, an operating system the company only recently stopped supporting.

Western Digital said it is aware of third parties offering security patches for My Cloud OS 3.

"But looking at the number of posts on Western Digital's support page related to OS3, I can assume the userbase is still considerable. It almost feels like Western Digital without any notice jumped to OS5, leaving all the users without support."

Dan Goodin at Ars Technica has a fascinating deep dive on the other zero-day flaw that led to the mass attack last month on MyBook Live devices that Western Digital stopped supporting in 2015.

In response to Goodin's report, Western Digital acknowledged that the flaw was enabled by a Western Digital developer who removed code that required a valid user password before allowing factory resets to proceed.

News URL

https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users/