AnyDesk Exploit Alert: CVE-2024-12754 Enables Privilege Escalation—PoC Available

Summary: Security researcher Naor Hodorov has discovered a significant vulnerability (CVE-2024-12754) in AnyDesk, widely used remote administration software, that allows low-privileged users to gain elevated access to a system. The vulnerability arises from a file operation performed by the AnyDesk service, which malicious users can abuse for local privilege escalation and potential control of sensitive files. Users are strongly advised to update to version v9.0.1 to mitigate the risk of exploitation.

Affected: AnyDesk remote administration software

Key points:

  • Vulnerability CVE-2024-12754 allows low-privileged users to gain elevated access.
  • Exploitable through the AnyDesk service copying background images to a restricted directory.
  • Patch available in AnyDesk version v9.0.1; users are encouraged to update immediately.

Source: https://securityonline.info/anydesk-exploit-alert-cve-2024-12754-enables-privilege-escalation-poc-available/