Flaw fixed in HP’s controversial bloatware app
San Francisco, Oct 13 (IANS) HP has issued a security advisory for its Touchpoint Analytics, which was said to be containing a security flaw that could let malware gain admin rights and take over vulnerable systems, as noted by security researchers from SafeBreach Labs.
HP has released updates this month to address the issue.
HP desktop and laptop owners were advised to follow instruction details in the company’s security advisory and updated its Touchpoint Analytics client at their earliest convenience, ZDNet reported on Friday.
The researchers had found the security flaw in HP Touchpoint Analytics in July, according to the Tech republic.
Security researchers at SafeBreach said that they uncovered a new vulnerability which meant every version below 4.1.4.2827 was affected by what they found.
The HP Touchpoint Analytics app is falls under the category of bloatware which essentially a type of software that comes pre-installed on new devices.
The app’s purpose is to collect diagnostics data about hardware performance and send the information back to the firm.
The app usually whitelisted and runs with admin rights on HP systems, to be able to access various details from software drivers and other hardware components.
According to Peleg Hadar, a security researcher with SafeBreach Labs, there is a way to hijack the application’s normal mode of operation and load malicious DLL files to run rogue code with elevated privileges.
Hadar found that what security experts call a local privilege escalation (LPE), a type of vulnerability that’s quite common in modern software, the ZDNet report added.