If Asus Live Update works as advertised, this means that nothing should have been downloaded to my GL553VE. I set Asus Live Update to check for new updates, but not to download or install them. RE: Asus_USA's reply, MonopolyMeal is right. I work in tech support for an IoT business, so I understand how tricky these problems can be. Hi Asus_USA, I'm going to send you a PM with some additional info. Even though I didn't download or install the update, what is the likelihood that my laptop has been exposed to malicious code? Does Live Update try to run or download packages, even if its automatic install option is turned off?.If not, why did Live Update 3.4.3 try to send me a mystery bundle of code from dating from 2015?.Is ASUS Live Update 3.4.3 open to the same vulnerability recorded in the Github article above?.I've seen accounts posting on this sub that appear to belong to ASUS support personnel ( Asus_USA), so I'd like to ask for an explanation of what I saw last night. Thankfully, I had set Live Update to inform me when new updates were available but not to download and install them. I found this article on GitHub, which explains that an earlier version of Live Update can easily be tricked into downloading and executing code from any source: This seemed very suspicious, so I immediately uninstalled Live Update and Googled for vulnerabilities associated with the app. I checked its details in Live Update's interface and noticed that 1) there was no name given for the update in the interface's "Name" field, and 2) the update's "release date" entry was March 2015. Last night, Asus Live Update reported that a new "Critical" update was available. During initial set up I removed a lot of the OEM software it came pre-installed with, but I left ASUS Live Update (v3.4.3) alone, as it seemed to have a role in delivering BIOS updates. I purchased an ASUS ROG GL553VE back in July.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |