HP warns of printer software risks

Security hole in software for Color LaserJet printers could open a door for cybersnoops.

A security flaw in software that ships with two of Hewlett-Packard Color LaserJet printers could open a door for cybersnoops, HP has warned.

The vulnerability lies in the Toolbox software that comes with HP's Color LaserJet 2500 and 4600 printers, the company said. The flaw could allow a remote, unauthorized malicious user to retrieve arbitrary files from a Windows computer when the software is running in the default configuration, HP said in a security alert published Sunday.

The Toolbox is software that installs on a PC along with the drivers. It uses a simple Web browser interface for access to printer status information, troubleshooting tips and demos, and an alerts feature.

HP has made HP Color LaserJet 2500/4600 Software Update version 3.1 available to resolve the security issue, it said. Security monitoring company Secunia rates the issue "less critical." The flaw is caused by an input validation error in the Web server that's part of the software, according to a Secunia alert, published Wednesday.

Discovery of the flaw is credited by HP and Secunia to Richard Horsman of Sec-1.com.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Is a 12.9-inch iPad Pro coming soon?

Apple may be getting ready to unveil the iPad Pro, iPad Mini 4 and a new Apple TV. Also, Google's Nexus refresh starts Sept. 29 and Tesla announces pricing on the Model X SUV.

by Jeff Bakalar