Get a Pentest and security assessment of your IT network.

Cyber Security

KDE Vulnerability Fixed By Removing Shell Command Support

A zero-day code execution vulnerability in the KDE desktop manager has been resolved by removing support for shell commands in the KConfig configuration system. The vulnerability was caused by.desktop and.directory files supporting shell commands to dynamically assign a value to various KConfig entries such as a the Icon field. This could allow an attacker to create malicious.desktop or.directory files that perform code execution when a folder is opened as shown below in a test by BleepingComputer. The vulnerability is fixed by updating kconfig to version 5.61.0 or applying this patch.

Source: https://www.bleepingcomputer.com/news/security/kde-vulnerability-fixed-by-removing-shell-command-support/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation