Logitech Unifying Receivers Vulnerable to Key Injection Attacks

[silversurfer]

Four new vulnerabilities were found to affect all Logitech's Unifying USB receivers that allow users to connect up to six different compatible Logitech wireless presentation remotes, mice, and keyboards to the same computer via a 2.4 GHz radio connection.
 
Security researcher Marcus Mengs discovered that the flaws are caused by Logitech dongles' outdated firmware and that they allow attackers with physical access to their targets' computers to exploit the bugs and launch keystroke injection attacks, record keystrokes, and take control of compromised systems.
 
Out of the four vulnerabilities found by Mengs, Logitech confirmed that they'll only fix two of them, with the rest to remain unpatched until the company has a change of mind in the future:
• CVE-2019-13054 and CVE-2019-13055 - vulnerabilities that will get a patch in August 2019
• CVE-2019-13052 and CVE-2019-13053 - vulnerabilities that won't be fixed

SOURCE: https://www.bleepingcomputer.com/news/se...n-attacks/