Intel Patches High-Severity Flaws in Media SDK, Mini PC

[silversurfer]

Intel has released security updates addressing two high-severity vulnerabilities in its Intel Media Software Development Kit (SDK) and Intel NUC mini PC.
 
Overall, the chip giant on Tuesday patched four flaws across its products; the most severe of these vulnerabilities exist in Intel’s Media Software Development Kit (SDK) and could enable an authenticated attacker to gain escalated privileges.
 
Intel’s Media SDK is a software development package equipping developers with media acceleration capabilities on Intel platforms, including video and photo processing. The vulnerability ( CVE-2018-18094) has a CVSS score of 7.8, making it high-severity.

The glitch stems from improper directory permissions in the installer for Intel’s Media SDK (before version 2018 R2.1). These improper permissions “may allow an authenticated user to potentially enable escalation of privilege via local access,” said Intel. The chip company urged Intel Media SDK users to update to version 2018 R2.1 or later (updates are available for download here).

SOURCE: https://threatpost.com/intel-patches-hig...pc/143638/