Geeks for your information News Privacy & Security News v
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  29 June 21, 08:16
Quote:NVIDIA gaming graphics software called GeForce Experience, bundled with the chipmaker’s popular GTX GPU, is flawed and opens the door to a remote attacker that can exploit the bug to steal or manipulate data on a vulnerable Windows computer.
 
NVIDIA notified customers late last week of the bug and released a software patch for the flaw, which is present in its GeForce Experience (versions 3.21 and prior) Windows software. A 3.23 GeForce update is available now to mitigate the bug.
 
The bug is tracked as CVE‑2021‑1073, with a CVSS severity rating of 8.3 (high). The company warned: “NVIDIA GeForce Experience software contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users’ data being accessed, altered, or lost.”

Who is Vulnerable to the NVIDIA Spoofing-Attack Bug?
 
The prerequisites for an attack, known as a spoofing attack, include an adversary with network or remote access to the vulnerable PC. According NVIDIA details, because the victim must be coaxed into clicking on a malicious link, the attack is considered complex, reducing the risk of a successful exploitation.

The spoofing attack vulnerability is tied to incorrect processing of “special formatted links” in the NVIDIA GeForce Experience software. “A remote attacker can create a specially crafted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session,” according to a breakdown of the bug posted to Cybersecurity Help.

NVIDIA did not indicate if this vulnerability has been exploited. However, working exploits of the attack are not publicly available.

Read more: NVIDIA Patches High-Severity GeForce Spoof-Attack Bug | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
F-Secure 26.2
Version 26.2​ R...harlan4096 — 08:11
Google Chrome’s New Split View Lets User...
Google has official...harlan4096 — 08:08
Intel shares Granite Rapids-WS Xeon 600 ...
Intel posts Xeon 6...harlan4096 — 09:49
Manjaro Linux 26.0.3 Build 260228
Manjaro Linux 26.0...harlan4096 — 08:20
K-Lite Codec Pack 19.5.0 / 19.5.4 Update
Changes in 19.5.4 ...harlan4096 — 08:19

[-]
Birthdays
Today's Birthdays
avatar (51)Claudestync
Upcoming Birthdays
avatar (44)gapedDow
avatar (38)snorydar
avatar (43)Hectorvot
avatar (51)knowhanPluts
avatar (39)Williamengiz
avatar (46)qaqapeti
avatar (44)battsourIonix
avatar (43)CedricSek
avatar (39)chasRex
avatar (43)slavrProck
avatar (45)Tyesharaike
avatar (49)TomeRerla
avatar (45)walllMIZ
avatar (41)oconyho
avatar (33)uteluxix
avatar (47)piafcflene
avatar (39)Matthewkah
avatar (51)tersfargum
avatar (50)alfreExept
avatar (38)Charlesfibre
avatar (42)napasvem
avatar (44)diploJeoca
avatar (38)francisnj3
avatar (43)artmaGoork
avatar (45)tukraNax
avatar (41)RichardCisee
avatar (40)ebenofit
avatar (38)ykazawu
avatar (41)ARYsahulatbazar

[-]
Online Staff
There are no staff members currently online.

>