Author Topic: AnyDesk hacked  (Read 3222 times)

0 Members and 1 Guest are viewing this topic.

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 7876
  • Country: de
  • A qualified hobbyist ;)
AnyDesk hacked
« on: February 05, 2024, 01:01:26 pm »
In case you're using AnyDesk make sure to update to the latest version (Windows client v8.0.8, signed with a new certificate). You can find a quite comprehensive report at https://borncity.com/win/2024/02/03/anydesk-confirmed-they-have-been-hacked-in-january-2024-production-systems-affected/ (several parts).
« Last Edit: February 05, 2024, 02:58:02 pm by madires »
 

Offline kripton2035

  • Super Contributor
  • ***
  • Posts: 2627
  • Country: fr
    • kripton2035 schematics repository
Re: AnyDesk hacked
« Reply #1 on: February 05, 2024, 01:15:11 pm »
seems like version 8 is for windows. what about the macos or linux v7 ?
thanks for the info.
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 7876
  • Country: de
  • A qualified hobbyist ;)
Re: AnyDesk hacked
« Reply #2 on: February 05, 2024, 02:57:35 pm »
The latest version for macOS is v7.3.0 and for linux v6.3.0.
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 7876
  • Country: de
  • A qualified hobbyist ;)
Re: AnyDesk hacked
« Reply #3 on: February 06, 2024, 12:44:01 pm »
Update:
Custom clients (customized version of the AnyDesk client) are still signed with the old cert when generated by the website, but they should be fine. In a few weeks they'll be signed with the new cert.
 

Offline madiresTopic starter

  • Super Contributor
  • ***
  • Posts: 7876
  • Country: de
  • A qualified hobbyist ;)
Re: AnyDesk hacked
« Reply #4 on: February 12, 2024, 02:40:11 pm »
Update:
A third party asked the CA (DigiCert) to revoke the old cert and the CA agreed. Tomorrow the old cert becomes invalid. At the moment no custom clients can be generated. This leaves support teams using a custom client in limbo, as the custom client with the old cert should be rejected soon by the OS when the CRL (certificate revokation list) is updated.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf