Blog

Security Issues Found In Several VNC Applications

Dec 7, 2019 | Blog

Microsoft RDP has its share of problems.

That simple truth has sparked the rise of a number of open-source VNC (Virtual Network Computing) applications, which allow a user to remotely control another computer.

Regardless of which VNC solution you use, they all work pretty much the same way.

There’s a “server component” which runs on the computer that shares its desktop. There is also a “client component” which runs on the computer that will access the share from a remote location.

There are a few VNC applications on the market compatible with every OS in use today. In the VNC ecosystem, the “Big Four” are LibVNC, UltraVNC, Tight VNC, and TurboVNC.  Recently, researchers at Kaspersky Lab audited these four on a quest to discover how secure they were.  Their findings were disappointing to say the least.

Overall, the researchers found a total of 37 serious flaws in the client and server portions of these four programs. 22 of them were found in UltraVNC, with another ten found in LibVNC, 4 in TightVNC, and one in TurboVNC, which looks to be the best of the bunch in terms of security.

The research team had this to say about their findings:

“All of the bugs are linked to incorrect memory usage.  Exploiting them leads only to malfunctions and denial of service – a relatively favorable outcome.  In more serious cases, attackers can gain unauthorized access to information on the device or release malware into the victim’s system.”

Although only one flaw was found in TurboVNC, it’s a serious one that would allow a determined attacker to remotely execute code on the server side.

If there’s a silver lining to the recent research it is the fact that Kaspersky notified the development teams of all four of the programs they audited. Also, all four have been patched and updated. If you use any of those, just make sure you’re using the latest version and you can use them with confidence.  Kudos to Kaspersky for their efforts, and to the developers to responding swiftly to the company’s findings.

 

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech