Critical Backdoor in xz-utils Threatens Linux and macOS Security

April 1, 2024
Critical Backdoor in xz-utils Threatens Linux and macOS Security
  • A critical security flaw was discovered in xz-utils, a compression software for Linux and macOS, on March 29th, 2024.

  • Affected versions are 5.6.0 and 5.6.1, which contain a vulnerability that could allow unauthorized system access.

  • The flaw can be exploited remotely via public SSH ports, risking system integrity.

  • Software engineer Andres Freund of Microsoft identified the backdoor and alerted Debian and other Linux distributions.

  • The vulnerability is specifically in the liblzma library within the SSH daemon application.

  • The discovery underscores the importance of enhanced security for open-source software.

  • Users should update their systems as recommended by their Linux distribution and inspect for compromised information.

Summary based on 3 sources


Get a daily email with more Tech stories

Related Stories