Printers are not simply “dumb” devices designed to squirt ink or deposit toner — most run rudimentary operating systems and some are capable of printing and scanning without a PC attached. While this is great for productivity, it also offers hackers with a new attack vector — one HP had to recently deal with.
A few days ago, HP issued a huge batch of firmware updates for its printers, including its PageWide, DesignJet, OfficeJet, DeskJet and ENVY ranges. HP’s bulletin offers the following information:
Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.
The update fixes two vulnerabilities — CVE-2018-5924 and CVE-2018-5925. However, if you check the CVE database, you’ll find the entries empty of specifics.
This will likely remain the case until HP is confident the firmware has been widely deployed.
While the odds of being compromised by the vulnerabilities are slim, it’s still recommended you update your printer firmware if you own an affected device. If you need help doing this, hit up HP’s support page on firmware updates.
[referenced url=”https://www.lifehacker.com.au/2016/09/hp-is-blocking-unofficial-replacement-cartridges-for-its-inkjet-printers/” thumb=”https://www.lifehacker.com.au/wp-content/uploads/sites/4/2016/09/iStock-47497950-MEDIUM.jpg” title=”HP Is Blocking Unofficial Replacement Cartridges For Its Inkjet Printers” excerpt=”It seems that HP released a firmware for it’s inkjet printers that prevents the use of replacement cartridges that aren’t manufactured by the vendor. Read on to find out more.”]
[HP, via The Register]