Substance3D Painter Users Beware of Malicious Files

CVSScvssV3_1: 7.8

Substance3D Painter, a 3D painting and texturing software, has a vulnerability in versions 9.1.1 and earlier that could allow hackers to take control of your computer.

The vulnerability, tracked as CVE-2024-20741, is a “write-what-where” issue that happens when the software improperly handles opening specially crafted files. Hackers can create malicious files that, when opened in the affected versions of Painter, could run any code as your user account on your system.

This means a hacker could install programs, view, change or delete data, or do other unwanted actions on your computer without your permission. All they would need is for you to open a file they provide, perhaps hidden within another innocent-looking file or sent to you over email.

The best way to protect yourself is to update to the latest version of Substance3D Painter, which fixes this vulnerability. You should also be cautious about opening files from unknown or untrusted sources. Being aware of the risks from malicious files is especially important for Painter users, as this vulnerability allows files to directly take control of your system with your user privileges. Staying on top of software updates helps keep your data and devices secure.