We would like to bring to your attention a recent security update concerning Splashtop that CVE-2023-3181 and CVE-2022-50693 have been identified and promptly addressed by our development team and security team.
Summary
Both CVEs are related to the Splashtop Software Updater Service (SSU).
However, we want to assure you that starting from version 3.4.8.1 onward, we no longer utilize SSU for updates. Additionally, SSU is not only unused but also automatically removed if previously installed.
This means these CVEs do not apply to current Splashtop versions.
Products Where SSU Has Been Removed
SSU has been removed from the following products:
- Splashtop Business app – since version 3.5.6.0
- Splashtop Streamer – since version 3.5.6.0
- Splashtop Personal app – since version 3.5.8.0
- Splashtop for RMM – since version 3.5.8.0
- Mirroring 360 Receiver – since version 2.4.0.1
- Mirroring 360 Sender – since version 1.3.0.0
Why Some Security Scanners Still Report This (CVE-2022-50693)
Some vulnerability scanners are incorrectly flagging this as a risk because they:
- Assume Splashtop must be on version 8.x.x or later to be safe
- Automatically treat all 3.x.x versions as vulnerable
This logic is incorrect.
Splashtop’s current endpoint versions are in the 3.8.x range, and SSU has already been removed. As a result, these reports are false positives.
Our cybersecurity team is actively working with the reporting vendors to correct this detection logic.
How to Verify That You Are Not Affected
You can verify that SSU is not present on your system using either of the following methods:
Option 1: Folder Check
Confirm that no executable files exist under the following path:
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\
Option 2: Windows Services Check
Open Services and confirm that there is no service named:
Splashtop Software Updater
⚠️ Important:
If you see a service named “Splashtop Update Service”, this is NOT the vulnerable SSU and is safe.
Recommendation
To ensure you benefit from the latest security improvements, we strongly recommend keeping your Splashtop software up to date:
Need Assistance?
If you have any questions or concerns, please don't hesitate to reach out to our support team.