Today, NVIDIA Patches High-Risk Vulnerability In GeForce

GeForce Now, NVIDIA’s cloud-based game infrastructure, is a vulnerability to privilege escalation and an open source library called OpenSSL is the origins of the dilemma …

Thursday, November 12, 2020, 12:55 GMT

Enables malicious binaries to be planted [Security News Writer Ga-Yong Moon] Graphics card manufacturer NVIDIA has a Windows device A alert that is harmful to consumers of games. This is because in an application called GeForce NOW, a high-risk bug was discovered. Manipulation of this vulnerability may lead to privilege escalation or the execution of arbitrary code.

GeForce Now, a cloud-based gaming service offered by NVIDIA that enables you to play games on desktops , notebooks, Macs and Android devices in real time, is the root of the issue. Approximately 4 million users are known to subscribe to GeForce Now, and it shows steady development.

The high-risk vulnerability CVE-2020-5992 discovered in GeForce Now was exposed by NVIDIA in a security advisory on Tuesday. 7.3 points was the CVSS average. GeForce Now’s OpenSSL repository, which is an open source library used to protect communications over computer networks, is said to be an concern.

The OpenSSL library is vulnerable to binary-planting attacks, according to NVIDIA. Binary planting refers to attackers planting binary files into the victim’s file system containing malicious code. This vulnerability is exposed to all releases previous to 2.0.25.119, and users are urged to update.

“All customers open the GeForce Now program and have automated updates downloaded to secure the device. We request that you follow the guidelines for installing the update. “This is the reason for NVIDIA.”

A host of security concerns have recently been announced by Nvidia, which has been producing goods for the user interface of gamers. Two bugs in the GeForce Experience app for Windows were also found not long ago. CVE-2020-5977 is particularly extreme among them, and it is studied that it allows numerous malicious acts such as code execution, server paralysis, and elevation of privilege.

Prior to that, a patch was released by NVIDIA in October alleging that a crucial flaw was discovered in high-performance DGX servers. This made it possible for attackers to access confidential data generated by government agencies and Fortune 100 businesses.

In addition to Nvidia, a variety of security vulnerabilities have also recently been faced by other chip makers. In the case of Intel, multiple items were noticed and updated with errors. Fatal Bluetooth and Wi-Fi based bugs were among these. A side-channel attack strategy called PLATIPUS has been published this week.