Nvidia updated its GeForce Experience app on March 26 to resolve a critical security flaw that left its users vulnerable to code execution, denial of service and escalation of privilege attacks.
The vulnerability was discovered by Rhino Security Labs, a penetration testing company that looks for security flaws in everything from mobile apps to corporate networks. Here's how the company explained the problem in a blog post published today:
"This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potentially privilege escalation."
Rhino Security Labs also said this vulnerability "could have been chained with a denial of service vulnerability to gain full privilege escalation." That could give attackers unfettered access to everything stored on their target's system.
This is especially worrisome because GeForce Experience is automatically installed when someone starts using an Nvidia graphics card. The app makes it easy to install driver updates while also enabling many of the graphics company's other tools.
It seems like those tools are related to this vulnerability. Nvidia said in the security advisory that the security flaw only affected people with ShadowPlay, NvContainer, or GameStream enabled, but all three may be enabled by default.
Nvidia said this vulnerability can only be resolved by installing GeForce Experience 3.18 via the app's built-in update tool or the GeForce Experience Downloads page. There are no other mitigations, and the flaw affects all previous versions of the app.
