Critical R Programming Flaw Patched: Update to Thwart Code Execution Attacks

May 2, 2024
  • The R programming language patched a critical vulnerability, CVE-2024-27322, allowing arbitrary code execution via RDS and RDX files.

  • Over 135,000 R source files were found to be affected by this high-risk vulnerability.

  • Sharing of RDS and RDX files among developers and data scientists opens an effective attack vector.

  • R Core version 4.4.0 contains the fix; users should update to it immediately to mitigate risk.

  • Organizations utilizing R must evaluate their risk and update their systems as a protective measure.

  • The widespread use of R and the readRDS function amplifies the potential impact of the vulnerability.

  • The US government and education sectors have faced joint malware attacks, and Canadian pharmacy chain London Drugs experienced a cybersecurity incident.

  • HiddenLayer's AISec Platform aims to offer additional protection against such vulnerabilities in its upcoming Q2 release.

  • The incident underscores the necessity for continuous vigilance and prompt updates in cybersecurity.

Summary based on 4 sources

