Critical Backdoor in xz-utils Threatens Linux and macOS Security

March 31, 2024
Critical Backdoor in xz-utils Threatens Linux and macOS Security
Tech
Tech
Cybersecurity
Cybersecurity

  • A critical security flaw was discovered in xz-utils, a compression software for Linux and macOS, on March 29th, 2024.

  • Affected versions are 5.6.0 and 5.6.1, which contain a vulnerability that could allow unauthorized system access.

  • The flaw can be exploited remotely via public SSH ports, risking system integrity.

  • Software engineer Andres Freund of Microsoft identified the backdoor and alerted Debian and other Linux distributions.

  • The vulnerability is specifically in the liblzma library within the SSH daemon application.

  • The discovery underscores the importance of enhanced security for open-source software.

  • Users should update their systems as recommended by their Linux distribution and inspect for compromised information.

Summary based on 3 sources

Get a daily email with more Tech stories

Sources

XZ Utils backdoor update: Which Linux distros are affected and what can you do? - Help Net Security

Help Net Security • Mar 31, 2024

XZ Utils backdoor update: Which Linux distros are affected and what can you do? - Help Net Security
An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections

Security Boulevard • Mar 30, 2024

An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections
What You Need to Know About the XZ Utils Backdoor

Security Boulevard • Mar 30, 2024

What You Need to Know About the XZ Utils Backdoor

More Stories