Security News > 2024 > March > KDE advises extreme caution after theme wipes Linux user's files

KDE advises extreme caution after theme wipes Linux user's files
2024-03-21 19:05

On Wednesday, the KDE team warned Linux users to exercise "Extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance.

As KDE said, it currently lacks the resources to review the code used by each global theme submitted for inclusion in its official store.

"Global themes and widgets created by 3rd party developers for Plasma can and will run arbitrary code. You are encouraged to exercise extreme caution when using these products," KDE cautioned.

Global theme wipes user's files using 'rm -rf'.

According to a Reddit post quoted by KDE, at least one user had their files wiped after installing one such global Plasma theme.

In light of the risks behind installing unvetted Plasma plugins, KDE asked the community to report faulty software already available through the KDE Store.


News URL

https://www.bleepingcomputer.com/news/linux/kde-advises-extreme-caution-after-theme-wipes-linux-users-files/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232
KDE 30 5 21 24 0 50