Logitech Keystroke Injection Flaw Went Unaddressed for Months

From threatpost.com

The flaw allows a remote attacker to gain full access over a machine.

Computer peripheral giant Logitech has finally issued a patched version of its Logitech Options desktop app, after being taken to task for a months-old security flaw. The bug could have allowed adversaries to launch keystroke injection attacks against Logitech keyboard owners that used the app.

Google Project Zero security researcher Tavis Ormandy found the bug in September and publicly disclosed the vulnerability this week. The Logitech Options app lets users customize the functions of their Logitech computer peripherals, including mice, keyboards and touchpads.

Read more…