Microsoft Engineer Uncovers Major Linux Flaw; BSI Urges Swift Action
April 6, 2024
Andres Freund, a Microsoft software engineer, uncovered a critical security flaw in 'XZ Utils', a key Linux tool.
The German Federal Office for Information Security (BSI) has labeled the flaw as 'business-critical' and issued a warning.
IT administrators are strongly advised to promptly address the risk by checking for compromised 'XZ Utils' versions, especially 5.6.0 and 5.6.1.
Linux developers have been notified by Freund and have released updates to correct the vulnerability.
No evidence suggests that the vulnerability was exploited by hackers before Freund's discovery.
The incident highlights the importance of enhanced security protocols for the open-source software supply chain.
Summary based on 12 sources
Sources
Yahoo News • Apr 5, 2024
Why a near-miss cyberattack put US officials and the tech industry on edge
ZDNET • Apr 5, 2024
This backdoor almost infected Linux everywhere: The XZ Utils close call
Nextgov/FCW • Apr 5, 2024
Linux backdoor was a long con, possibly with nation-state support, experts say
Security Boulevard • Apr 5, 2024
xz backdoor Part 2: On the Importance of Runtime Security in the Age of OSS Backdoors