Critical R Programming Vulnerability Threatens Sensitive Sectors
April 30, 2024
HiddenLayer, a security firm, has identified a high-severity vulnerability, CVE-2024-27322, in the R programming language.
The flaw allows arbitrary code execution when R deserializes untrusted data, and it affects critical sectors such as government and healthcare.
Attackers can exploit the vulnerability by crafting malicious RDS files, taking advantage of R's promise objects and lazy evaluation.
The vulnerability has been fixed in R version 4.4.0, released on April 24, 2024, after collaboration between HiddenLayer, R's maintainers, and CISA.
Given R's widespread use and the common practice of sharing packages, it is essential for organizations to update R and educate users on security.
Summary based on 3 sources
Sources
PR Newswire • Apr 29, 2024
HiddenLayer Uncovers Deserialization Vulnerability in Open-Source Programming Language, R
The Hacker News • Apr 29, 2024
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
Dark Reading • Apr 29, 2024
R Programming Bug Exposes Orgs to Vast Supply Chain Risk