Two Critical HP Printer Patches Released, Over 225 Printer Models Affected

HP printer bug patch

A firmware update has been posted by HP Inc. addressing a duo of critical security vulnerabilities in the company’s Inkjet printers.

The update contains patches CVE-2018-5925 and CVE-2018-5924. This duo of flaws could be exploited by a hacker if they were to print a file that essentially triggers a static or stack buffer overflow. This would enable the hacker to execute malicious code onto whichever printer they target.

HP stated that around 225 Inkjet printer models will need to have the patch applied. These include the company’s OfficeJet, Pagewide, HP Envy, DeskJet, and DesignJet product lines.

A bug bounty program was opened up by HP recently. The company intends to bring in more researchers so they can uncover a greater number of printer vulnerabilities before hackers can exploit them.

The company’s bug bounty program, partnered with Bugcrowd, will be observing the PC and printers’ side of the HP break-up offering $10,000 a piece to researchers for reporting any security vulnerabilities.

Shivaun Albright, HP print security chief technologist stated that HP is aiming to protect their printers from the increasing number of malware packages and botnets targeting printers, as well as other internet-facing devices with little-to-no security protection.

Albright also said: “As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up. HP is committed to engineering the most secure printers in the world.”

HP’s new bug bounty program gave a second reason for their continuous marketing push. The company wishes to enterprise its customers around its printer line’s security.

Hewlett-Packard also noted that it will not just hand out bounty payments for bugs that were previously unknown; it will also make “good faith” payments to the researchers who essentially report bugs already uncovered by the company, but not yet patched and disclosed.

Please leave any comments about this article below

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients