Intel will not release any patches for its Remote Keyboard application, and is telling users to uninstall the app.
First hitting the market almost three years ago, the Intel Remote Keyboard apps for Android and iOS allow users to wirelessly control their Intel NUC and Compute Stick devices from a smartphone or tablet.
Intel: No Spectre-Meltdown Fixes for Some Processors
Microsoft’s Out-of-Band Meltdown Patch
Chromebooks Patched Against Spectre Variant 2
Intel Details Spectre, Meltdown Fixes; Future CPU Plans
That is all well and good, but researchers just found all versions of Intel Remote Keyboard are affected by severe privilege escalation flaws.
The most serious of them, rated “critical” and identified as CVE-2018-3641, allows a network attacker to inject keystrokes as a local user.
Another vulnerability, tracked as CVE-2018-3645, rated “high severity.” It appears the Remote Keyboard is affected by a privilege escalation flaw that allows a local attacker to inject keystrokes into another keyboard session.
The third security hole is CVE-2018-3638, which allows an authenticated, local attacker to execute arbitrary code with elevated privileges.
Intel decided to discontinue the product and advised users to uninstall the apps. Coming on the heels of that news, Google Play and the Apple App Store removed the app.