Critical R Programming Vulnerability Threatens Sensitive Sectors

April 30, 2024
Critical R Programming Vulnerability Threatens Sensitive Sectors
  • HiddenLayer, a security firm, has identified a high-severity vulnerability, CVE-2024-27322, in the R programming language.

  • The flaw allows arbitrary code execution by deserializing untrusted data and affects critical sectors like government and healthcare.

  • Attackers can exploit the vulnerability by crafting malicious RDS files, taking advantage of R's promise objects and lazy evaluation.

  • The vulnerability has been fixed in R version 4.4.0, released on April 24, 2024, after collaboration between HiddenLayer, R's maintainers, and CISA.

  • Given R's widespread use and the common practice of sharing packages, it is essential for organizations to update R and educate users on security.

Summary based on 3 sources


Get a daily email with more Tech stories

Related Stories