CUPS open source printing system can be hacked to hijack your devices, experts warn

It’s a difficult attack to pull off

The Common UNIX Printing System, or CUPS, can be abused to run malicious code on vulnerable endpoints remotely, experts have warned.

CUPS is an open-source printing system developed by Apple for Unix-like operating systems, including Linux and macOS. It provides a standardized way to manage print jobs and queues, supporting both local and network printers. CUPS uses the Internet Printing Protocol (IPP) as its primary protocol, allowing seamless printer discovery and job submission across networks. It also includes a web-based interface for managing printers, print jobs, and configurations.

Cybersecurity researcher Simone Margaritelli of Evil Socket discovered a problem in the system’s ability to discover new printers. As the researcher explains, CUPS has four vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177. These vulnerabilities, when chained together, allow threat actors to create a fake, malicious printer, and have CUPS discover it.

Roadblocks to exploitation

The moment a user tries to print something using this new device, a malicious command gets executed locally on their device.

While it sounds like a major vulnerability, Red Hat deemed it ‘important’ rather than ‘critical’, mostly because there are many hoops to jump through before the flaw can be exploited for RCE.

The first, and biggest one, is that the cups-browsed daemon, the component that looks for shared printers on the local network and enables them for printing, needs to be turned on. The researcher said that sometimes it’s turned off by default, and sometimes it’s turned on.

The second major hoop is making the victim pick the new printer that suddenly appeared out of nowhere, instead of their usual machine.

Red Hat is currently working on a fix, so a patch is not yet available. However, the easy fix is to stop the cups-browsed service from running, and to prevent it from being started on reboot.
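
The mitigation described above, as an added example (not from the article or from Red Hat): a POSIX shell script for systemd hosts that reports whether cups-browsed is running or set to start at boot and, when called with `apply`, stops and disables it. The function names and the `audit`/`apply` arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit cups-browsed and apply the stop + disable mitigation.
# Assumes a systemd host; function names and arguments are hypothetical.
SERVICE="cups-browsed"

# Map the two systemctl state strings to the actions still needed.
# $1 = output of `systemctl is-active`, $2 = output of `systemctl is-enabled`
needed_actions() {
    actions=""
    case "$1" in
        active|activating|reloading) actions="stop" ;;      # running now
    esac
    case "$2" in
        enabled|enabled-runtime) actions="${actions:+$actions }disable" ;;  # starts at boot
    esac
    printf '%s' "${actions:-none}"
}

# $1 = "apply" to change the host; "audit" only reports.
mitigate() {
    if ! command -v systemctl >/dev/null 2>&1; then
        echo "systemctl not found; check $SERVICE with your init system" >&2
        return 2
    fi
    # Both queries exit non-zero for inactive/disabled units, hence `|| true`.
    active=$(systemctl is-active "$SERVICE" 2>/dev/null) || true
    enabled=$(systemctl is-enabled "$SERVICE" 2>/dev/null) || true
    todo=$(needed_actions "$active" "$enabled")
    echo "$SERVICE: active=${active:-unknown} enabled=${enabled:-unknown} -> $todo"
    [ "$todo" = "none" ] && return 0
    if [ "$1" != "apply" ]; then
        echo "audit only; rerun as root with 'apply' to make the change"
        return 1
    fi
    for action in $todo; do
        systemctl "$action" "$SERVICE" || return 3
    done
}

# Run only when asked, e.g. `sh cups-browsed-check.sh audit`.
case "${1:-}" in
    audit|apply) mitigate "$1" ;;
esac
```

A unit that is already inactive and disabled (or masked) yields `none`, so the script can be rerun safely across a fleet to confirm the mitigation is still in place.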

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.