Synology Urgently Patches Critical Zero-Day Vulnerabilities
Security flaws in Synology NAS devices allow remote code execution, prompting immediate updates to prevent potential attacks.
- Two zero-click vulnerabilities were discovered in Synology's Photos and BeePhotos apps, affecting millions of devices.
- The flaws, demonstrated at the Pwn2Own 2024 contest, enable attackers to gain root access and execute code remotely.
- Synology released patches within 48 hours, but users must apply the updates manually to protect their systems.
- Devices connected via Synology's QuickConnect service are particularly vulnerable, even if not directly exposed to the internet.
- Security experts warn of the risk of ransomware attacks and the potential for devices to be used in botnet operations.