A few days back, HP found an issue in the security advisory for its Touchpoint Analytics. It was stated that it contained a security flaw due to which malware could gain access to admins and take over vulnerable systems. This issue was noted by security researchers from SafeBreach Labs.
HP fixed the issue and released updates in October.
According to the reports the owners of HP desktop and laptops were told to follow the instructional details in the company’s security advisory and update their Touchpoint Analytics client as soon as possible.
As per the reports, the security flaw in HP Touchpoint Analytics was founded in July by the researchers.
Security researchers at SafeBreach said that they discovered a new vulnerability which could affect every version below 18.104.22.16827.
The HP Touchpoint Analytics app comes under the category of bloatware which is a type of software that by default comes pre-installed on new devices.
The purpose of the app is to collect diagnostics data about hardware performance and send the information to the firm.
The app falls under whitelist and works with admin rights on HP systems, which access various details of software drivers as well as other hardware components.
Peleg Hadar, a security researcher with SafeBreach Labs said: “There is a way to hijack the application’s normal mode of operation and load malicious DLL files to run rogue code with elevated privileges”.
According to the reports, Hadar found the vulnerability which the experts call LPE (local privilege escalation) and it is common in modern software.
For the latest tech news and blogs, follow JPLoft on Twitter, Facebook, Instagram, and LinkedIn.