Western Digital fixes security vulnerability in EdgeRover for Windows and macOS

Last year, Western Digital users had issues with their My Book Live drives auto-erasing due to a bug in the firmware. Now, the company’s desktop utility EdgeRover has been found to have a serious security vulnerability that could have put users’ data at risk again.

For those who don’t know what it is, EdgeRover is a useful tool that allows you to catalog the contents of your drive and use it as a database to quickly search for files, scan and detect duplicates, automatically organize your photos and videos as collections, etc.

Ironically, this is not the first time a serious security issue has been discovered in EdgeRover. A couple of months ago the application was updated to patch two security threats related to FFmpeg, these flaws could have resulted in remote code execution or a DoS (denial of service) attack.

Coming back to the topic at hand, Beep Computer notes that the latest vulnerability, tracked at CVE-2022-22988, has been rated critical, with a CVSS 3 severity rating of 9.1. The bug came to light when it was discovered by security researcher, Xavier Danest. He reported it to Western Digital, so that the company could analyze and fix the problem. Western Digital released a new version of EdgeRover a few days ago to fix the security flaw. It has also published a security advisory, WDC-22004, to educate users about the threat and its severity.

The issue summary calls the issue in EdgeRover a “directory traversal vulnerability.” He goes on to explain that if the flaw had been exploited, it could have allowed an attacker to perform local privilege escalation, i.e. gain administrator rights on the computer. This, in turn, would allow the hacker to access sensitive information stored on the PC or execute a DoS attack. That is, of course, as long as the hacker had access to the computer in the first place.

To fix the problem, Western Digital had to modify the permissions management system on EdgeRover to restrict the files and directories it can access. In other words, the program will no longer load system folders that might have been bypassed to gain elevated rights on the system.

Whether the security vulnerability was exploited by hackers remains a mystery. If you are using EdgeRover on your Windows or macOS computer, you should update to the latest version of the program as soon as possible to avoid potential security issues and keep your data safe. The current version of the tool, which includes the security fix for the flaw, is version 1.5.1-594. You can download the installer of the program from the official website.

I prefer to organize my content manually. While the old-school approach may lack the convenience that automated software can provide, managing data on your own gives you greater control over content. You don’t have to worry about privacy policies or your data being accidentally deleted. As for searching through the files, the Everything desktop search engine gets the job done.

And you? Do you use programs to catalog your data?

advertising