Skip to main content

Linux xz Backdoor Damage Could Be Greater Than Feared

posted onApril 1, 2024
by l33tdawg
The New Stack
Credit: The New Stack

When your home has been broken into, you may not initially comprehend all that has been taken, or the damage that has been done. This is the state of apprehension the Linux community now feels with the recently-unearthed xz backdoor security vulnerability.

“This upstream supply chain security attack is the kind of nightmare scenario that has gotten people describing it called hysterical for years,” Kubernetes Security Chairperson Ian Coldwater had written on X. “It’s real.”

A Microsoft engineer first detected the back door, which he traced back to a recent update to the xz compression library. The library update was a recent one, but it already found homes in the rolling and advanced “rapid” releases of some Linux distributions. The back door takes a certain combination of conditions and dependencies to trigger. Once triggered however, an attacker could enter your system without any authentication at all.

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th