Security News > 2024 > April > Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

2024-04-02 13:18
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund
News URL
https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html
Related news
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)
- NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-29 | CVE-2024-3094 | Unspecified vulnerability in Tukaani XZ 5.6.0/5.6.1 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. | 10.0 |