Microsoft Engineer Uncovers Major Linux Flaw; BSI Urges Swift Action

April 6, 2024
Microsoft Engineer Uncovers Major Linux Flaw; BSI Urges Swift Action
World News
World News
Tech
Tech
Cybersecurity
Cybersecurity

  • Andres Freund, a Microsoft software engineer, uncovered a critical security flaw in 'XZ Utils', a key Linux tool.

  • The German Federal Office for Information Security (BSI) has labeled the flaw as 'business-critical' and issued a warning.

  • IT administrators are strongly advised to promptly address the risk by checking for compromised 'XZ Utils' versions, especially 5.6.0 and 5.6.1.

  • Linux developers have been notified by Freund and have released updates to correct the vulnerability.

  • No evidence suggests that the vulnerability was exploited by hackers before Freund's discovery.

  • The incident highlights the importance of enhanced security protocols for the open-source software supply chain.

Summary based on 12 sources

Get a daily email with more World News stories

Sources

Why a near-miss cyberattack put US officials and the tech industry on edge

Yahoo News • Apr 5, 2024

Why a near-miss cyberattack put US officials and the tech industry on edge
This backdoor almost infected Linux everywhere: The XZ Utils close call

ZDNET • Apr 5, 2024

This backdoor almost infected Linux everywhere: The XZ Utils close call
Linux backdoor was a long con, possibly with nation-state support, experts say

Nextgov/FCW • Apr 5, 2024

Linux backdoor was a long con, possibly with nation-state support, experts say
xz backdoor Part 2: On the Importance of Runtime Security in the Age of OSS Backdoors

Security Boulevard • Apr 5, 2024

xz backdoor Part 2: On the Importance of Runtime Security in the Age of OSS Backdoors

More Stories