Intel has discontinued its popular iOS and Android app called Intel Remote Keyboard after security researchers found a critical bug.
The vulnerability leaves users of the app exposed to key jacking. On Tuesday, the company released a security advisory documenting the bug.
The critical bug, CVE-2018-3641, is described as an unauthenticated keystroke injection flaw which could lead to an escalation of privilege that could allow a network attacker to inject keystrokes as a local user.
Intel has also revealed another two vulnerabilities which impact the app. The first, CVE-2018-3638, allows attackers to execute arbitrary code as a privileged user. The second, CVE-2018-3645, allows an attacker to inject keystrokes in another remote session without permission.
All versions of the Intel Remote Keyboard app are affected by these flaws, and it doesn’t look like Intel has any desire to patch them. Instead, users are being asked to simply remove the application. In a statement, the company said:
“Intel has issued a Product Discontinuation notice for Intel Remote Keyboard and recommends that users of the Intel Remote Keyboard uninstall it at their earliest convenience.”
It is unusual for a bug like this to prompt a discontinuation of the app. An Intel spokesperson confirmed that the discontinuation was not actually related to the security advisory as the app was scheduled for termination anyways.
[via Thread Post]