Western Digital tells EdgeRover users to patch app again

2022-03-21 15:30

Users of Western Digital's EdgeRover app for Windows and Mac are advised to download an updated version to avoid a security flaw that might allow an attacker unauthorized access to directories and files.

According to Western Digital, the flaw meant that EdgeRover was subject to a directory traversal vulnerability, which may have allowed an attacker to carry out a local privilege escalation and bypass file system sandboxing.

Western Digital posted a notification to its support site informing users of both the Windows and Mac versions of the EdgeRover Desktop App that they need to ensure they are running release version 1.5.1-594 at a minimum in order to have the fix for this issue.

The EdgeRover app is designed to provide users with a single view of their content, which may be spread across multiple storage devices and cloud storage services.

EdgeRover creates a searchable and browsable catalog of all content, and also provides tools to manage supported Western Digital and SanDisk storage devices.

In particular, EdgeRover is able to change vital settings on supported Western Digital and SanDisk devices, including the ability to set passwords, delete content, and rename devices, which would allow an attacker plenty of scope to cause mischief.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/21/wd_edgerover_app_flaw/

#digital #patch #westerndigital