Security researchers found a serious zero-click bug in Synology's Photos app

If you own a Synology NAS drive, you’ll want to update your device as soon as possible. As first reported by Wired, a group of Dutch security researchers recently identified a zero-click vulnerability within the Synology Photos app. For the uninitiated, such bugs allow hackers to compromise a system without a user needing to click something first. To make matters worse, the app comes pre-installed and enabled by default on Synology’s consumer line of Bee network storage devices. It’s also a popular download among those who use the company’s DiskStation systems.

Midnight Blue, the cybersecurity firm that discovered the vulnerability, estimates that millions of Synology users may be at risk. Although the company released a security patch to address the bug, its NAS devices do not automatically download updates. “It’s not trivial to find [the vulnerability] on your own, independently,” Carlo Meijer, one of ...