Security News > 2024 > November > Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability

Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability
2024-11-10 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. Google patches actively exploited Android vulnerability (CVE-2024-43093) Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: … More → The post Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/11/10/week-in-review-zero-click-flaw-in-synology-nas-devices-google-fixes-exploited-android-vulnerability/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-10443 Command Injection vulnerability in Synology Beephotos and Photos
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
synology CWE-77
critical
9.8
2024-11-13 CVE-2024-43093 Unspecified vulnerability in Google Android
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization.
local
low complexity
google
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4226 4525 728 9732
Synology 55 5 102 99 38 244