Synology cloud sync bug exposes Macs to full takeover

A bug in the OS X client for Synology’s Cloud Station for syncing files across devices could allow an attacker to take over the machine.

Mac owners who use Synology’s Cloud Station sync client are being urged to update the software, which contains a faulty default permission that could allow a local attack to gain control of the host Mac system.

Cloud Station is Synology’s answer to cloud file storage services like Dropbox, offering users a personal cloud — without the same level of redundancy as a Google or Dropbox — which nonetheless syncs files between devices with the client installed.

According to the CERT for Carnegie Mellon University, the Cloud Station client for OS X “contains an executable named client_chown that allows users to change the ownership of files”. The problem is that it’s installed as a “setuid root executable”. The flaw poses a risk not just to files for syncing, but the fact the files can be changed could be used to control the host.

“This allows any user the ability to change ownership of arbitrary system files, which may be leveraged to gain root privileges and fully compromise the host,” the CERT noted.

It also urged users to update the Cloud Station client for OS X to version 3.2-3475.

"We have removed client_chown in the latest build (3.2-3475) as precaution, even though the impact is concluded to be very low. The client_chown tool was originally designed to ease the upgrade process of the Cloud Station client, and was included starting from build 2291. To achieve this purpose, client_chown was able to change the ownership of certain system files that belong to Cloud Station client,” Synology is quoted as saying.

Synology played down the threat posed to Mac users with the affected client installed.

"[The update] was released on May 12 along with the latest version of our OS (DSM 5.2). The executable is only able to change ownership of system files that belong to Cloud Station client but not others. We remove it only as a precaution," a Synology spokesperson told CSO Australia.

Read more: Making the Best of BYOx

The company on Tuesday also released a fix for a serious flaw in the Synology Photo Station feature of its Linux-based OS Disk Station Manager.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags ClouddropboxbugsynologyCarnegie Mellon UniversityCloud Stationbug exposes Macs

More about CSODropboxEnex TestLabGoogleLinuxMellonSynology

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts