Security News > 2022 > March > Western Digital app bug gives elevated privileges in Windows, macOS
Western Digital's EdgeRover desktop app for both Windows and Mac are vulnerable to local privilege escalation and sandboxing escape bugs that could allow the disclosure of sensitive information or denial of service attacks.
EdgeRover is a centralized content management solution for Western Digital and SanDisk products, unifying multiple digital storage devices under a single management interface.
Considering that Western Digital is one of the world's most successful manufacturers and retailers of digital storage products, there are likely a significant number of people using EdgeRover for data management.
Western Digital's brief advisory does not provide much detail regarding the vulnerability, so it is not clear if it is a DLL hijacking bug allowing local privilege elevation or a bug allowing access to unprivileged data locations.
Western Digital is advising its customers to update their EdgeRover desktop applications to version 1.5.1-594 or later, released last week to resolve these vulnerabilities.
Western Digital addressed the security problem by correcting the file and directory permissions to prevent unauthorized access and modification.