Intel advises users to delete Remote Keyboard App over unpatched security vulnerability

A critical flaw in the Intel Remote Keyboard app for iOS and Android has led to the decision by Intel to discontinue the app, and the company advises all users to uninstall it as soon as possible.

The company announced its decision on Tuesday, following the discovery of three security bugs that affect all versions of the Intel Remote Keyboard.

The bugs, discovered by three different researchers, when exploited, allow a nearby network attacker to inject keystrokes into remote keyboard sessions, and also execute malicious code on the user’s Android device.

Two of the bugs have received a severity score of “high,” but one of the issues was classified as “critical.”

CVE-2018-3641 allows a network attacker to inject keystrokes as a local user. (Critical)

CVE-2018-3645 allows a local attacker to inject keystrokes into another remote keyboard session. (High)

CVE-2018-3638 allows an authorized local attacker to execute arbitrary code as a privileged user. (High)

 

Advertisements