Asus aura sync and gigabyte xtreme software contain vulnerabilities

A security company called SecureAuth has shared the news that several Asus and Gigabyte drivers contain vulnerabilities. The drivers come with the tools that companies provide for motherboards and graphics cards, these are the drivers and utilities related to Aura Sync and Gigabyte Xtreme.

Asus Aura Sync and Gigabyte Xtreme drivers and tools have security vulnerabilities

In total, there are seven vulnerabilities affecting five software products, and the researchers wrote an exploit for each of them. Many of them could go on unattended. Two of the vulnerable drivers are installed by ASUS Aura Sync software (v1.07.22 and earlier).

Vulnerabilities can lead to escalation of privileges through software such as Gigabyte App Center (v1.05.21 and following), AORUS Graphics Engine (v1.33 and following), the XTREME Engine utility (v1.25 and earlier), and OC Guru II (v2.08), all of these in the case of Gigabyte products. The vulnerabilities are tagged under CVE-2018-18535, CVE-2018-18536, and CVE-2018-1853. The first and last allow code execution with high rights, the second can lead to reading and writing data through the I / O ports.

ASUS was informed of these vulnerabilities in November last year. In April, Asus released a new version of Aura Sync, but it only fixed two of the three problems, according to SecureAuth.

In the case of Gigabyte, it is more serious, these would have been notified, but the company assured that its products were not affected by the vulnerabilities, contradicting SecureAuth. Now that these security vulnerabilities are made public, Gigabyte may react to these reported security issues.

Are Gigabyte apps really safe? We can't say for sure, Gigabyte says one thing and SecureAuth says another. The most recommended is to wait for a new update of each of them before installing them on our system.

Guru3D Font