A few years ago, hackers discovered that they could remotely take control of a PC by exploiting a vulnerability in Logitech wireless dongles. According to The Verge, dongles that Logitech is shipping today are still vulnerable to the same remote access hack—dubbed “MouseJack.” — a list that includes the manufacturer’s Unifying Receiver and G900 wireless gaming mouse.
While Logitech did roll out patches that fixed the remote access vulnerability for peripherals users owned and used back in 2016, it’s unclear when (or if) those changes were applied to devices in the factory. Some customers may have purchased unpatched devices, and it’s possible even more remain on store shelves.
As a Logitech spokesperson told The Verge:
“Logitech evaluated the risk to businesses and to consumers, and did not initiate a recall of products or components already in the market and supply chain. We made the firmware update available to any customers that were particularly concerned, and implemented changes in products produced later.”
Luckily, you can patch this vulnerability yourself by updating your Logitech device’s firmware:
Once downloaded, run each file and follow the on-screen instructions to apply the patches.
This should fix the loopholes, at least for now. Logitech plans on pushing an additional patcher to fix a related vulnerability in August, and you should install the appropriate Logitech software for your devices and apply any updates it arrives.