One recent event that highlights the relentless pace of this digital arms race is QNAP’s swift action to patch a second zero-day vulnerability. QNAP has addressed a second zero-day vulnerability that was exploited by security researchers during the recent Pwn2Own hacking contest.
The critical SQL injection (SQLi) flaw, identified as CVE-2024-50387, was discovered in QNAP’s SMB Service. This vulnerability has now been patched in versions 4.15.002 or later and h4.15.002 and later. The fix was implemented a week after researchers YingMuo, participating through the DEVCORE Internship Program, successfully exploited the flaw to gain root access to a QNAP TS-464 NAS device at Pwn2Own Ireland 2024.
The Pwn2Own Competition
The Pwn2Own competitions are legendary in cybersecurity circles. These events invite the brightest ethical hackers from around the globe to demonstrate their skills by identifying and exploiting vulnerabilities in widely used software and hardware. The stakes are high, with significant monetary rewards and prestige on the line. The ultimate goal, however, is to strengthen the security of the products we rely on daily by exposing and rectifying their weaknesses.
At the 2024 Pwn2Own Ireland event, a critical vulnerability was
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.