
close
close
Last week, QNAP published a security advisory to warn customers about new critical flaws in an open-source fileserver technology integrated into its network-attached storage (NAS) devices. The company has advised customers to look out for updates to address the vulnerabilities affecting some of its products.
QNAP explained in its advisory that these flaws exist in Netatalk. It is a free open source version of Apple Filing Protocol (AFP) used to share files between clients and servers. Specifically, AFP enables macOS clients to access data stored on NAS devices. The company says that this outdated file access protocol is still being used because it supports various macOS attributes not found in other protocols.
advertisment
It is important to note that Netatalk released an update (v3.1.13) to patch all the security issues in March. QNAP confirmed that it has already addressed the Netatalk flaws in QTS 4.5.4.2012 build 20220419 and later. However, these vulnerabilities still impact several older versions of its QTS operating system. The list includes:
The company is currently investigating the security vulnerabilities, and it’s planning to release updates for all impacted QNAP OS versions soon. “QNAP is thoroughly investigating the case. We will release security updates for all affected QNAP operating system versions and provide further information as soon as possible.” QNAP explained.
In the meantime, QNAP is urging customers to disable AFP on QTS or QuTS hero NAS devices to mitigate the Netatalk vulnerabilities in their organization. To do so, head to the Control Panel > Network & File Services > Win/Mac/NFS/WebDAV > Apple Networking. Finally, disable the “AFP (Apple Filing Protocol)” option.
More from Rabia Noureen
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Security
CISA Warns Windows Admins Against Applying May Patch Tuesday Updates on Domain Controllers
May 17, 2022 | Rabia Noureen
Microsoft's New Security Experts Service Protects Businesses Against Ransomware Attacks
May 9, 2022 | Rabia Noureen
Microsoft, Google, and Apple to Expand Passwordless Login Across All Major Platforms
May 5, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group