HP issues security warning

August 8, 2018

The OEM has announced that as many as 150 models of printer could be affected by a new bug, and has released two firmware patches to users to remedy it.

According to the company, “two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.”

The bugs are classed as “critical” and have the capacity to allow remote code execution.

The bug is affecting a wide range of HP models, including from the Pagewide Pro series, the DesignJet series, the Officejet, Deskjet, and Envy series. A complete list of more than 150 affected models is available from HP here.

In response to the bug, the OEM has issued two firmware update patches, available from its Software and Drivers page.

The news comes only days after HP launched its “bug bounty” drive, offering hackers up to $10,000 (€8,566) to detect security bugs and vulnerabilities in its products. The OEM explained that the initiative was as part of its commitment to “deliver the world’s most secure printers.”

The latest firmware updates offered by HP as a remedy to the new security problems could cause further headaches for the aftermarket, which is already faced with being locked out by the OEM’s most recent firmware updates, timed to coincide with the upgrading of several of its cartridges; this represents a particular problem, as the cartridges retain their original index numbers, leading to serious confusion.

Categories : World Focus

Tags : Cybersecurity Firmware Hacking HP OEM