REVIEW

Western Digital customers urged to update to latest version of My Cloud OS

26 March 2022
0 144 2 minutes read
Western Digital Customers Urged To Update To Latest Version Of My Cloud Os

Western Digital has pushed a new firmware update for its My Cloud OS, fixing a high- severity vulnerability that was discovered during a recent hacking contest.

As reported by BleepingComputer, cybersecurity experts from the NCC Group exploited a flaw in Netatalk Service, an open-source implementation of the Apple Filing Protocol (AFP) that allows for Unix-like operating systems to serve as file servers for macOS clients.

The flaw, now tracked as CVE-2022-23121, carries a severity score of 9.8/10, as it allows threat actors to run any code on the target endpoint, without authentication.

TechRadar needs you!

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window

Removing Netatalk

“The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries,” the Zero Day Initiative advisory reads. “An attacker can leverage this vulnerability to execute code in the context of root.”

As a result, Western Digital pulled the Netatalk service completely from the My Cloud OS, starting with firmware version 5.19.117, and has advised all WD NAS users to update their endpoints to this version.

These are the devices considered vulnerable to the exploit:

My Cloud PR2100My Cloud PR4100My Cloud EX2 UltraMy Cloud EX 4100My Cloud Mirror Gen 2My Cloud EX2100My Cloud DL2100My Cloud DL4100

Read more

> Western Digital desktop app exposes Windows and macOS users to attack

> WD My Cloud NAS boxes can be hacked over the internet, claim researchers

> Western Digital admits it throttled write speeds with flash memory change

WD NAS users who decide to update their devices to the latest version can no longer use the Netatalk service, but can continue accessing network shares via SMB.

The Netatalk development team didn’t sit idly, however. After the remote code execution bug was exploited in the contest, they pushed an update fixing CVE-2022-23121 and a number of other known vulnerabilities, some of which was classified as critical.

These are the best cloud storage right now

Via BleepingComputer

Spread the love

Related posts:

  1. Final Fantasy 7: The First Soldier date set for iOS and Android
  2. Final Fantasy XIV: Endwalker Delayed to December 7
  3. Forza Horizon 5 review – gone hooning
  4. It looks like Naruto is coming to Fortnite next week
  5. How to download Halo Infinite multiplayer and fix the blue screen error
  6. God of War Ragnarok Launch Date Possibly Leaked via PS Store DB
  7. Believe your eyes: Microsoft has agreed to acquire Activision Blizzard
  8. Nintendo will not be at Gamescom this year
  9. Fall Guys patch fixes more free-to-play launch issues, including voice chat woes
  10. Companies Should Release More Classic Game Collections
26 March 2022
0 144 2 minutes read
Show More

Related Articles

Battlefield 2042 Hazard Zone Screen 3 1

Here’s what Battlefield 2042’s scoreboard could look like

13 December 2021
Homeworld3 Preview 3

Homeworld 3 Emerges From Deep Space

2 September 2022
Battle For Middle Earth 3 Best Lotr Game

What if: the best Lord of the Rings games on PC got a sequel?

7 November 2021
Teenage Mutant Ninja Turtles Shredders Revenge 640x360

Limited Run Games Handling Physical Copies of TMNT: Shredder’s Revenge

30 May 2022

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button