A security vulnerability was revealed earlier this week in the Nvidia GeForce Experience. If you are not familiar this is Nvidia’s preferred, (meaning default), method of delivering drivers to their video cards. Most gamers using Nvidia cards likely have this application installed to keep their drivers updated. It also includes the ability to take screenshots and videos of gameplay, and livestream your gameplay to your friends. Out of the box most people will install this as it takes some searching to manually install and keep your drivers up to date. This highlights an inherent risk in forcing your users to use a complicated interface with direct access to your operating system. I’m sure the idea is to “gain customer buy-in” and create brand loyalty but it can backfire if your users end up being subjected to malware because your super slick and complicated interface has vulnerabilities. Please read the full writeup below!
https://rhinosecuritylabs.com/application-security/nvidia-rce-cve-2019-5678/