"Critical Security Bugs Fixed in Virtual Learning Software"

Researchers at McAfee Labs Advanced Threat Research discovered critical vulnerabilities in the Netop Vision Pro system that could allow attackers to hijack school networks, deliver malware, determine students' IP addresses, eavesdrop, and more.  Netop, the company behind the popular software tool designed to let teachers remotely access student computers, has fixed four security bugs in its platform.  The flaws were disclosed to Netop on Dec. 11. By late February, the company had issued an update addressing several of the concerns (in Netop Vision Pro version 9.7.2).  The researchers disclosed that the new update fixed the local privilege escalations, encrypted formerly plaintext Windows credentials, and mitigated the arbitrary read/writes on the remote filesystem within the MChat client.  The researchers stated that the network traffic is still unencrypted, including the screenshots of the student computers.  Netop has assured the researchers that it is working on implementing encryption on all network traffic for a future update.

Threatpost reports: "Critical Security Bugs Fixed in Virtual Learning Software"