Security update for Sonos Players | July 2018

  • 7 September 2018
  • 0 replies
  • 505 views

Userlevel 7
Badge +25
  • Community Manager
  • 11019 replies
Summary
Sonos has released a security update for all Sonos Players. This update resolves an important vulnerability (CVE-2018-11316) that could lead to unauthorized access to the user’s Sonos system and network.


Affected versions
All Sonos Players with a software version 8.6 and earlier are vulnerable to this exploit.

To check the version of the Sonos Player software, open the Sonos controller app:

Windows
  1. Launch the Sonos desktop app and sign in with your Sonos ID if prompted
  2. Click Help > About My Sonos System...
MacOS
  1. Launch the Sonos desktop app and sign in with your Sonos ID if prompted
  2. Click Sonos > About My Sonos System
iOS/Android
  1. Launch the Sonos mobile app and sign in with your Sonos ID if prompted
  2. Click the "... More" option along the bottom and choose Settings > About My Sonos System

Solution
Sonos recommends users update their Players to the newest version: 9.0 or later.

The latest Sonos Player software can be downloaded from the mobile controller app. 


Vulnerability Details



Vulnerability Description
This attack uses malicious javascript on a web page to attack devices on the user’s home network that would otherwise be protected behind the user's router. This could result in unauthorized access to a user’s networked devices if a user browses to a webpage with malicious content. This attack is also known as a "DNS Rebinding" attack.

Vulnerability Impact
For Sonos devices, this could allow unauthorized playback control on Sonos and the disclosure of similar information available in the Sonos App.

CVE Numbers
CVE-2018-11316

Acknowledgments
Sonos would like to thank Brannon Dorsey (CVE-2018-11316) for reporting this issue and for working with Sonos to help protect our customers.

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Accept cookies Cookie settings