A new vulnerability has been disclosed for the QTS operating system used by QNAP storage devices. This vulnerability allows unauthenticated remote OSX users to potentially read and write arbitrary files on a QNAP device through the Apple Filing Protocol (AFP). As AFP is disabled by default, this vulnerability would only affect users who have enabled this protocol. This vulnerability exists in firmware prior to 4.1.4 Build 0910 and 4.2.0 RC2 (Build 0910) and if you are using an affected version, you should immediately upgrade to the latest version. 

To upgrade your QNAP device to the latest version, you can go to this page to download the latest QTS 4.2 release candidate which also includes other security vulnerability fixes. QNAP has a guide on how to upgrade the QTS firmware on your QNAP device here:

How to update your QNAP NAS’s firmware

Related Articles:

New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs

Windows Task Scheduler Zero Day Exploited by Malware

Exploit Published for Unpatched Flaw in Windows Task Scheduler

Hackers Exploiting DLink Routers to Redirect Users to Fake Brazilian Banks

GandCrab Ransomware Author Bitter After Security Vendor Releases Vaccine App