The second glitch, CVE-2018-18536, is in both the GLCKIo and Asusgion drivers and consists in exposing a way that permits reading and writing data from and to IO ports. To demonstrate the flaw, the researchers created a proof-of-concept (PoC) that ends with triggering a system crash.
#Asus n53s drivers download driver
When added to the system, Aura Sync also installs the GLCKIo and Asusgio drivers, which are vulnerable to CVE-2018-18537, CVE-2018-18536, CVE-2018-18535 security bugs that allow code execution.ĭiego Juarez, exploit writer at SecureAuth discovered and studies these flaws the security company disclosed them responsibly but after releasing two new versions for Aura Sync, ASUS still left two of the vulnerabilities unaddressed, the researchers say in an advisory published today.ĬVE-2018-18537 can be exploited in the GLCKIo driver by writing an arbitrary "double word" to an arbitrary address. Three bugs found in ASUS' GLCKIo and Asusgio driversĪura Sync is a utility that enables the user to synchronize the lighting via RGB strips used with compatible products such as motherboards, graphics cards, and peripherals (keyboards, mice) for a personalized gaming experience.
#Asus n53s drivers download software
The vulnerabilities lead to privilege escalation via software like the GIGABYTE App Center (v1.05.21 and below), AORUS Graphics Engine (v1.33 and below), the XTREME Engine utility (v1.25 and earlier), and OC Guru II (v2.08). The drivers from GIGABYTE are distributed with motherboards and graphics cards of the same brand as well as from the company's subsidiary, AORUS. Two of the vulnerable drivers are installed by the Aura Sync software (v1.07.22 and earlier) from ASUS and the flaws they carry can be exploited for local code execution. In total, there are seven vulnerabilities affecting five software products, and researchers wrote exploit code for each of them. Four drivers from ASUS and GIGABYTE come with several vulnerabilities that can be leveraged by an attacker to gain higher permissions on the system and to execute arbitrary code.
0 kommentar(er)
