Blog

Security Issues Found In Several VNC Applications

By baypointetech December 7, 2019

Microsoft RDP has its share of problems.


That simple truth has sparked the rise of a number of open-source VNC (Virtual Network Computing) applications, which allow a user to remotely control another computer.


Regardless of which VNC solution you use, they all work pretty much the same way.


There's a "server component" which runs on the computer that shares its desktop. There is also a "client component" which runs on the computer that will access the share from a remote location.


There are a few VNC applications on the market compatible with every OS in use today. In the VNC ecosystem, the "Big Four" are LibVNC, UltraVNC, Tight VNC, and TurboVNC. Recently, researchers at Kaspersky Lab audited these four on a quest to discover how secure they were. Their findings were disappointing to say the least.


Overall, the researchers found a total of 37 serious flaws in the client and server portions of these four programs. 22 of them were found in UltraVNC, with another ten found in LibVNC, 4 in TightVNC, and one in TurboVNC, which looks to be the best of the bunch in terms of security.


The research team had this to say about their findings:


"All of the bugs are linked to incorrect memory usage. Exploiting them leads only to malfunctions and denial of service - a relatively favorable outcome. In more serious cases, attackers can gain unauthorized access to information on the device or release malware into the victim's system."


Although only one flaw was found in TurboVNC, it's a serious one that would allow a determined attacker to remotely execute code on the server side.


If there's a silver lining to the recent research it is the fact that Kaspersky notified the development teams of all four of the programs they audited. Also, all four have been patched and updated. If you use any of those, just make sure you're using the latest version and you can use them with confidence. Kudos to Kaspersky for their efforts, and to the developers to responding swiftly to the company's findings.

 

Used with permission from Article Aggregator

< Older Post

 Newer Post >

Related Posts

The Role of Mobile Apps in Expanding Small Business Reach

By Mersad September 23, 2025
How can a small-scale establishment stand out in today's competitive market? With the shift toward digital-first experiences, mobile apps help businesses stay relevant and accessible, no matter their size. Learn more about them here.

Adopting Remote Work Tools To Improve Flexibility and Efficiency

By Mersad September 22, 2025
Many businesses across various industries have already implemented a remote work model. Around 35% of Silicon Valley workers, for example, now work from home, a sharp rise from the 2019 pre-pandemic period's 6%, and for good reason. This shift brings many worthwhile advantages, including:

Passkey Weaknesses Exposed: How To Stay Secure

By Mersad September 20, 2025
There’s no question that the traditional username and password combination is a weak link when it comes to online security. For several years, experts have encouraged businesses to implement passkeys to overcome the pitfalls of traditional passwords, which have become increasingly vulnerable to cybercriminals.

New Phishing Scam Hits Victims With a Twist

By Mersad September 19, 2025
Just how safe is your establishment from online threats? A new phishing scam is making waves and targeting US-based organizations. Learn more about it here so you can bolster your defenses.

Why Technology Matters for Longer Product Lifecycles

By Mersad September 18, 2025
Are you finding it harder to keep your offerings profitable over time? By investing in innovation, establishments can predict and control physical wear, combat obsolescence, and even discover new utilization opportunities. Learn more about technology for longer product lifecycles here.

Contact Information

1035 Medina Rd, Suite #800

Medina, OH 44256