14 DAY TRIAL // Western Digital has just rolled out firmware 02.43.09-038 developed for its My Book Live and My Book Live Duo cloud storages, which manages to resolve several Shellshock bash security vulnerabilities, and more.
In other words, you should definitely consider upgrading your device to this release, as it removes the risk of unauthorized modification and disclosure of information.
Specifically speaking, WD’s new firmware resolves the CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, and CVE-2014-6278 vulnerabilities that are a result of an improper fix originally applied for the 6271 CVE ID.
To be clearer, CVE-2014-6271, which allowed attackers to execute arbitrary code via a crafted environment, led to the existence of CVE-2014-7169 through which these unwanted users could write to files or have unwanted privileges in the same environments.
Moving forward, the CVE-2014-6278 problem exists because of CVE-2014-6277, which in turn originates from the unresolved CVE-2014-7169 vulnerability. Also, both issues give attackers unauthorized access.
Besides these common vulnerabilities and exposures, WD’s 02.43.09-038 firmware manages to remove CVE-2014-7186 and CVE-2014-7187, that are also known as “redir_stack” and “word_lineno” issues, respectively.
Last but not least, installing this update will resolve an issue in which remote connections through web portal were improperly redirected to Oracle’s website or were blocked when applying Java 7 Update 51, and it also improves the stability of these connection types.
With this in mind, go ahead and download WD My Book Live Firmware 02.43.09-038 or download WD My Book Live Duo Firmware 02.43.09-038, apply it on your storage, and enjoy your newly-increased security level.
