Security News > 2024 > April > Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
2024-04-02 13:18
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund
News URL
https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html
Related news
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (source)
- ESET researchers analyze first UEFI bootkit for Linux systems (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-29 | CVE-2024-3094 | Unspecified vulnerability in Tukaani XZ 5.6.0/5.6.1 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. | 10.0 |