PT-2022-16490 · Iobit+1 · Iobit Advanced Systemcare+4

Tomerpeled92 · Published 2022-07-06 · Updated 2022-07-14 · CVE-2022-24140

CVSS v3.1: 6.6 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

IOBit Advanced System Care version 15
iTop Screen Recorder version 2.1
iTop VPN version 3.2
Driver Booster version 9
iTop Screenshot (affected versions not specified)

Description

The issue concerns the update procedure of the affected software, which sends HTTP requests to download a config file. After downloading, the software parses the HTTP URL of the update from that file and attempts to install the update automatically with administrator privileges. An attacker intercepting this communication can supply a fake config file with malicious locations for the updates, potentially gaining remote code execution on the endpoint.

Recommendations

For IOBit Advanced System Care version 15, consider disabling the automatic update feature until a patch is available.
For iTop Screen Recorder version 2.1, restrict access to the update module to minimize the risk of exploitation.
For iTop VPN version 3.2, avoid using the automatic update feature in the affected version until the issue is resolved.
For Driver Booster version 9, as a temporary workaround, consider disabling the update function until a patch is available.
For iTop Screenshot, since the affected versions are not specified, exercise caution when using the update feature and monitor for patches or updates.
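The description names the pattern behind this class of bug: an update config fetched over plain HTTP whose download URL is trusted as-is and then run with administrator rights. The Python example below is added here and is not part of the advisory or of any vendor's code. It puts the trusting parser beside the checks a hardened updater applies before executing anything: an authenticity tag over the manifest (HMAC with a constructed key stands in for the vendor's asymmetric signature, which the standard library cannot verify offline), an https-only update URL restricted to an allowlisted host, and a pinned SHA-256 over the downloaded installer. Every hostname, key, manifest field and payload byte is constructed for the example.

```python
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Hypothetical key material. A real updater verifies an asymmetric signature
# (e.g. Ed25519) with a public key shipped inside the installer; HMAC with a
# constructed key plays that role here so the example runs offline.
VENDOR_KEY = b"constructed-vendor-signing-key"
ALLOWED_HOSTS = {"updates.example.invalid"}   # constructed vendor host


def sign_manifest(manifest: bytes, key: bytes = VENDOR_KEY) -> str:
    """Hex tag the vendor would publish next to the manifest."""
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()


def insecure_update_location(config_text: str) -> str:
    """The pattern the advisory describes: trust whatever URL the config names."""
    return json.loads(config_text)["update_url"]


def check_update(manifest: bytes, tag_hex: str, payload: bytes,
                 key: bytes = VENDOR_KEY, allowed_hosts=ALLOWED_HOSTS):
    """Return (True, url) when every check passes, else (False, reason)."""
    # 1. Authenticity: a manifest altered in transit fails the tag check,
    #    so a substituted config never reaches the URL logic at all.
    if not hmac.compare_digest(sign_manifest(manifest, key), tag_hex):
        return False, "manifest signature invalid"
    cfg = json.loads(manifest)
    url = cfg.get("update_url", "")
    parsed = urlparse(url)
    # 2. Transport: only HTTPS and only the pinned vendor host, even if the
    #    manifest is authentic (defence in depth against a leaked key).
    if parsed.scheme != "https":
        return False, "update location is not https"
    if parsed.hostname not in allowed_hosts:
        return False, "update host not in allowlist"
    # 3. Integrity: the installer bytes must match the hash the signed
    #    manifest committed to, before anything is launched as administrator.
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, cfg.get("sha256", "")):
        return False, "installer hash mismatch"
    return True, url


# Constructed sample data: a legitimate manifest and the installer it describes.
GOOD_PAYLOAD = b"constructed installer bytes"
GOOD_MANIFEST = json.dumps({
    "version": "1.2.3",
    "update_url": "https://updates.example.invalid/setup.exe",
    "sha256": hashlib.sha256(GOOD_PAYLOAD).hexdigest(),
}, sort_keys=True).encode()
GOOD_TAG = sign_manifest(GOOD_MANIFEST)

# Constructed stand-in for a config substituted on an unprotected HTTP channel.
TAMPERED_MANIFEST = json.dumps({
    "version": "1.2.3",
    "update_url": "http://203.0.113.10/setup.exe",
    "sha256": hashlib.sha256(b"some other bytes").hexdigest(),
}, sort_keys=True).encode()


if __name__ == "__main__":
    # The trusting parser hands back the substituted URL without complaint.
    print(insecure_update_location(TAMPERED_MANIFEST.decode()))
    print(check_update(GOOD_MANIFEST, GOOD_TAG, GOOD_PAYLOAD))
    print(check_update(TAMPERED_MANIFEST, GOOD_TAG, GOOD_PAYLOAD))
```

The order of the checks matters: the authenticity check runs first so that a tampered manifest is rejected before any of its contents are parsed for URLs, and the hash check runs last so the installer is never executed on the strength of its download location alone.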


Weakness Enumeration

Related Identifiers

CVE-2022-24140

Affected Products

Driver Booster
Iobit Advanced Systemcare
Itop Screen Recorder
Itop Screenshot
Itop Vpn