Backdoor in XZ Utils allows unauthorized root access
WIRED — April 2, 2024, 10:00 AM UTC
Summary: A backdoor was discovered in XZ Utils, a widely used data compression utility on Linux systems. Malicious code in versions 5.6.0 and 5.6.1 allowed unauthorized access with root privileges. The backdoor was part of a sophisticated supply chain attack, with the perpetrator, Jia Tan, infiltrating the project over years. The backdoor enabled the execution of malicious commands through SSH. The incident was described as a nightmare scenario by experts.
Article metrics
The article metrics are deprecated.
I'm replacing the original 8-factor scoring system with a new and improved one. It doesn't use the original factors and gives much better significance scores.