Shulou(Shulou.com)06/01 Report--

This article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

On Aug. 11, 2020, Intel intel issued the latest security announcement on its website, publicly thanking the houjingyi of the 360-CERT team for helping discover the local entitlement vulnerability in the OpenVINO toolkit (CVE-2020-12287).

Intel announcement said that attackers with local permissions can take advantage of this vulnerability to enhance their privileges. At present, intel has fixed the vulnerability in the new version of the security update. Intel Security brain advises relevant developers to complete the software upgrade as soon as possible to avoid the risk of malicious exploitation of the vulnerability.

(Hou Jingyi, senior security researcher at 360-CERT, was officially thanked by Intel.)

According to security experts, OpenVINO is a computer vision acceleration optimization framework based on deep learning developed by Intel. Nowadays, the research on deep learning is in full swing, and it is very convenient for developers to use various hardware acceleration resources of Intel through OpenVINO, so OpenVINO is also favored by relevant developers. As soon as the vulnerability was confirmed, 360-CERT submitted information related to the vulnerability to intel officials, and actively assisted intel in the research and repair of the vulnerability, dedicated to helping relevant developers to avoid security threats related to the vulnerability in a timely manner.

360 safe brain re-recognized

The "loophole excavator" of cyberspace security is invincible.

As a key force in the secure brain, the vulnerability research team has cumulatively found more than 2000 CVE vulnerabilities from major global manufacturers, including Apple, Google, Microsoft, Huawei, Qualcomm, VMWare, etc., making it the security manufacturer with the largest number of thanks in the world, setting a new world record, showing the security power from China to the world, and enjoying a high reputation in the industry.

The 360-CERT team, which acts as the "top team" of the 360security brain, has always adhered to the security principle of "coordination, active discovery and rapid response", focusing on the emergency response of security incidents or vulnerabilities upstream of the Internet, and focusing on emergency response, threat intelligence and vulnerability mining. 360-CERT has long initiated the security response process for major global security vulnerabilities. Issue authoritative early warning and security analysis reports to help users carry out prevention and treatment, protect users and Internet security, and have done excellent work in global network security threat detection and defense.

"loophole" is related to the security of the enterprise itself, the reputation of the brand and the vital interests of thousands of users. Once the loophole is first discovered and exploited by lawbreakers, the consequences will be unimaginable. 360 Security brain will continue to work with all ecological partners to guard cyberspace, race against evil forces, help major enterprises and manufacturers constantly improve system security, and strive to provide a secure network environment for the majority of users. to make the world safer and better.

This is the answer to the example analysis of the vulnerability found in the OpenVINO toolkit. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.