HP Releases Firmware Update To Stop Hackers Hijacking Your Printer

Printers are not simply “dumb” devices designed to squirt ink or deposit toner — most run rudimentary operating systems and some are capable of printing and scanning without a PC attached. While this is great for productivity, it also offers hackers with a new attack vector — one HP had to recently deal with.

A few days ago, HP issued a huge batch of firmware updates for its printers, including its PageWide, DesignJet, OfficeJet, DeskJet and ENVY ranges. HP’s bulletin offers the following information:

Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.

The update fixes two vulnerabilities — CVE-2018-5924 and CVE-2018-5925. However, if you check the CVE database, you’ll find the entries empty of specifics.

This will likely remain the case until HP is confident the firmware has been widely deployed.

While the odds of being compromised by the vulnerabilities are slim, it’s still recommended you update your printer firmware if you own an affected device. If you need help doing this, hit up HP’s support page on firmware updates.

[referenced url=”https://www.lifehacker.com.au/2016/09/hp-is-blocking-unofficial-replacement-cartridges-for-its-inkjet-printers/” thumb=”https://www.lifehacker.com.au/wp-content/uploads/sites/4/2016/09/iStock_47497950_MEDIUM-768×432.jpg” title=”HP Is Blocking Unofficial Replacement Cartridges For Its Inkjet Printers” excerpt=”It seems that HP released a firmware for it’s inkjet printers that prevents the use of replacement cartridges that aren’t manufactured by the vendor. Read on to find out more.”]

[HP, via The Register]


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments


Leave a Reply