"System security is not a matter to be taken lightly," I tell myself as I put off updating my BIOS for another month. Even though I tend to keep physical media backups and I'm not in the habit of clicking dodgy links, that doesn't mean my machine is locked down by any means. System vulnerabilities can sneak in among the very updater utilities folks rely on—and Asus has been having especially poor luck with these as of late.
A fresh vulnerability has been uncovered in Asus Armoury Crate, the all-in-one software hub that often comes preinstalled on laptops, like the Asus ROG Flow Z13, and handhelds such as the Asus ROG Ally X, or used to control various peripherals and components.
To use the club-going metaphor I've deployed before, picture this: a ne'er-do-well is already in line at the club—your PC—but when they get to the bouncer, they whip out a hand puppet. The hand-puppet vouches for the suspicious club-goer at first, before the hacker then gives up on ventriloquising to yell, "Hey, wait, what's that over there?" The hacker then whips off the hand puppet, lobs it at the distracted bouncer, and leapfrogs their way straight into the DJ booth. Their abysmal playlist is really the least of anyone's worries.
This is the second vulnerability to be uncovered in an Asus utility in as many months. In May, it was reported that DriverHub could be leveraged in a remote code execution attack—though the vulnerability was first found and reported to Asus way back in February. At the very least, it looks like Asus has been quicker to act this time. Does any of this mean I'm likely to update my BIOS sooner rather than later? Well, let's just say this 100-hour BIOS update stream is still making me think twice…I'd also rather be gaming than watching a progress bar, so my laziness wins out again!
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
