Universal Copy Service, a widely used software suite for DNA sequencing in medical laboratories worldwide, has been found to have two high-severity vulnerabilities that could allow hackers to take over targeted endpoints and steal sensitive data. The US Cybersecurity Infrastructure Security Agency (CISA) and the FDA have issued a joint security advisory urging users to patch the software as soon as possible. The software, developed by California-based medical technology company Illumina, is used by research organizations, academic institutions, biotechnology firms, and pharma companies in 140 countries. The two vulnerabilities are tracked as CVE-2023-1968 and CVE-2023-1966, with the former being a critical vulnerability that allows hackers to listen in on all network traffic and the latter being a high severity vulnerability that allows UCS users to run commands with elevated privileges. Illumina has recommended different mitigation measures depending on the software in question. The full list of vulnerable products can be found on their website.
