We have recently been made aware that McAfee has found a vulnerability in our Vision Pro Product. We are committed to getting the vulnerability fixed and giving our customers the best experience possible.
What McAfee Found
While researching Netop Vision Pro, McAfee’s team discovered a security vulnerability when the software uses a custom jpeg image for the blank-screen feature. It is possible to load an image that will cause the Vision client to crash on a student device. An attacker could use this crash as an infiltration vector to disrupt other services running on the student device.
How the Vulnerability Affects our Customers
The vulnerability that McAfee found is a challenging exploit that requires deep technical know-how. To our knowledge, the security vulnerabilities have only been reproduced in a research environment with no reports of issues “in the wild”. It is our understanding that this recent issue requires an attacker to run multiple exploits in conjunction before it poses a significant threat to a school environment. All of this must happen within a school network, which makes the attacker’s job even harder.
While we believe that any disruption to the students’ devices is unwelcome, the actual risk associated with it is fairly low. This vulnerability also does not involve risk to personal data.
We appreciate McAfee analyzing our software. We are committed to security and are considering their findings as we develop the next version of Vision.