Synology Patches Zero-Day Vulnerabilities Discovered at Pwn2Own Ireland
Synology has released fixes for multiple zero-day vulnerabilities in its network-attached storage (NAS) devices, stemming from research presented at the Pwn2Own Ireland hacking competition. The flaws, demonstrated by security researchers, allow for potential remote code execution and compromise of user data.
The Pwn2Own Ireland event, organized by Trend Micro and the Zero Day Initiative (ZDI), provides a platform for researchers to uncover and responsibly disclose zero-day vulnerabilities in popular consumer devices. This year’s competition resulted in the finding of 73 zero-day flaws across a range of products,with researchers collectively earning over $1 million in bug bounties.ZDI operates under a disclosure agreement, withholding technical details until patches are available to protect users.Details of these specific Synology vulnerabilities will be released in the coming months via ZDI’s bulletin board and researcher blogs.
QNAP recently addressed seven zero-day vulnerabilities identified at the same event, highlighting a recent surge in NAS-focused exploitation attempts. The vulnerabilities underscore the increasing importance of proactive security measures for NAS devices, which often store sensitive personal and business data. Users are advised to promptly apply the latest updates from Synology to mitigate potential risks.
