WDC-19015 - WD Discovery, SanDisk ibi, and SanDisk Flashback - Local Escalation of Privileges

WD Discovery, SanDisk ibi, and SanDisk Flashback - Local Escalation of Privileges

WDC Tracking Number: WDC-19015
Product Line/Web: WD Discovery, SanDisk ibi, SanDisk Flashback
Published: November 22, 2019

Last Updated: November 22, 2019

Description

WD Discovery, SanDisk ibi, and SanDisk Flashback were vulnerable to a local escalation of privilege.

Product Impact

Minimum Fix Version

Last Updated

WD Discovery Mac

3.6.163.0

November 22, 2019

WD Discovery Windows

3.6.163.0

November 22, 2019

ibi Version

3.9.336

November 22, 2019

Flashback for Mac

3.2.190

November 22, 2019

Flashback for Win

3.2.190

November 22, 2019

Advisory Summary

An API intended to support automatic software update incorrectly allowed arbitrary command execution. Additionally, privileged executables used to communicate with hardware devices were installed with incorrect permissions. The affected API has been removed and the privileged executables have been moved to a restricted directory.

Add up to 4 products

{{ skuObj.title.length < 15 ? skuObj.title : skuObj.title.substring(0,14) + "..." }}

Compare

Details & Exclusions

Sign In

Sign In for Business

Resend Verification Email

Reset Password

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

WD Discovery, SanDisk ibi, and SanDisk Flashback - Local Escalation of Privileges

Description

Advisory Summary