From Canon:

An worldwide group of safety researchers has drawn our consideration to a vulnerability associated to communications by way of the Picture Transfer Protocol (PTP), which is utilized by Canon digital cameras, in addition to a vulnerability associated to firmware updates.

(CVE-ID:CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)

Due to those vulnerabilities, the potential exists for a third-party assault on the digicam if the digicam is linked to a PC or cell gadget that has been hijacked by way of an unsecured community.

At this level, there have been no confirmed instances of those vulnerabilities being exploited to trigger hurt, however in an effort to be certain that our prospects can use our merchandise securely, we wish to inform you of the next workarounds for this situation.

  • Ensure the suitability of security-related settings of the units linked to the digicam, such because the PC, cell gadget, and router getting used.
  • Do not join the digicam to a PC or cell gadget that’s being utilized in an unsecured community, similar to in a free Wi-Fi atmosphere.
  • Do not join the digicam to a PC or cell gadget that’s doubtlessly uncovered to virus infections.
  • Disable the digicam’s community capabilities when they aren’t getting used.
  • Download the official firmware from Canon’s web site when performing a digicam firmware replace.

There is a rise in use of PCs and cell units in an unsecured (free Wi-Fi) community atmosphere the place prospects usually are not conscious of the community safety. As it has turn out to be prevalent to switch pictures from a digicam to a cell gadget by way of a Wi-Fi connection, we’ll implement firmware updates for the next fashions which might be geared up with the Wi-Fi perform.

 

These vulnerabilities have an effect on the next EOS-series digital SLR and mirrorless cameras:

EOS-1DX*1 *2EOS 6D Mark IIEOS 760DEOS M5
EOS-1DX MK II*1 *2EOS 7D Mark II*1EOS 77DEOS M6
EOS-1DC*1 *2EOS 70DEOS 1300DEOS M10
EOS 5D Mark IVEOS 80DEOS 2000DEOS M100
EOS 5D Mark III*1EOS 750DEOS 4000DEOS M50
EOS 5DS*1EOS 800DEOS RPowerShot SX70 HS
EOS 5DS R*1EOS 200DEOS RPPowerShot SX740 HS
EOS 6DEOS 250DEOS M3PowerShot G5X Mark II

 

*1 If a WiFi adapter or a Wireless file transmitter is used, WiFi connection will be established.

*2 Ethernet connections are additionally affected by these vulnerabilities.

Firmware replace info will likely be offered for every product, in flip, ranging from merchandise for which preparations have been accomplished.