Hewlett-Packard accepted that software used to control two of its color printers could be used to remotely steal files from Windows PCs by hackers.
The bug affects the Toolbox software that comes with the Color LaserJet 2500 and Color LaserJet 4600 printers. In its default configuration, the Toolbox lets users remotely monitor the status of a connected printer, which could allow an attacker to hack into jacked-in computers, then read any file on the hard disk.
HP’s advisory links to a software update to the Toolbox that patches the bug.
Graham Cluley, a senior technology consultant at U.K. security company Sophos, said, “A vulnerability like this opens the door for hackers to spy on your sensitive information. Users running the affected software should upgrade the software as soon as possible.”