Security & Compliance
DEVO-2023-0016
Summary
Update 2023-10-23
The vulnerability with the embedded chrome browser in Remote Desktop Manager Windows is fixed in the latest version (2023.2.33 and higher).
Description
Remote Desktop Manager Windows
The embedded chromium browser component used by Remote Desktop Manager Windows is currently affected by a critical security vulnerability. The vulnerability (CVE-2023-4863) is in the libwebp library used by the chromium engine. This component is managed by a third-party and can't be patched on our end.
We advise not to use the embedded chrome browser in the web site entries and switch to another browser such as Microsoft Edge in the meantime. You can switch browser by editing the entry and changing the Web browser property to Microsoft Edge. By default, RDM Windows uses Microsoft Edge if the default configuration hasn't been modified.
We are actively working with the third party software company to get this fix out as soon as possible. This advisory will be updated consequently.
Remote Desktop Manager - Other Platforms (macOS, iOS, Android, Linux)
A component named SkiaSharp used for rendering images in our products is also affected by the same vulnerability. This component will be updated for other platforms.
Affected Products
Currently affected (latest versions) :
Currently fixed versions :
- Remote Desktop Manager Windows 2023.2.33 and higher
- Embedded chrome web browser vulnerability.
- Remote Desktop Manager Windows 2023.2.32 and higher
- SkiaSharp
- Remote Desktop Manager iOS 2023.2.8.0 and higher
- SkiaSharp
- Remote Desktop Manager macOS 2023.2.10.4 and higher
- SkiaSharp
- Remote Desktop Manager Linux 2023.2.2.5 and higher
- SkiaSharp
- Remote Desktop Manager Android 2023.0.24 and higher
- SkiaSharp
Change Log
2023-10-02 - Initial publication
2023-10-03 - Added RDM macOS to fixed versions
2023-10-04 - Added RDM Linux to fixed versions
2023-10-23 - Added RDM Windows to fixed versions
2023-10-25 - Updated informations
2023-11-01 - Added RDM Android to fixed versions
Severity
High
Product
Remote Desktop Manager
Fix Version
Fixed versions available
CVE-2023-4863
Description
Remediation and Workarounds
Severity
Affected Products
CVE(s)
CVE-2023-4863
References
CVE-2023-4863