Intel Driver Update Utility flawed

Basically the driver updater looks over HTTP and downloads an unencrypted, easily parsable XML file with URLs leading to the files to download and execute as admin. A man in the middle attack could easily exploit this.

Source: Intel Driver Update Utility MiTM

This is a lot like the Drupal update vulnerability.

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Leave a Reply