Level 10
"A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victims' computers simply by tricking them into downloading an archive and extracting it.
KDE is a desktop environment found in Linux distributions such as OpenSUSE, Kali, KUbuntu, and others that offers a graphical user interface to the operating system.
Discovered by security researcher Dominik Penner of Hackers for Change, a path traversal vulnerability has been found in the default ARK archive utility that allows malicious actors to perform remote code execution by distributing malicious archives.
Once a user opens the archive, the attacker can create autostarts that automatically launch programs that could encrypt a user's files with ransomware, install miners, or install backdoors that give remote attackers shell access to a victim's account.
Penner reported this vulnerability to the KDE security team on July 20th, 2020, and the bug was quickly fixed in Ark 20.08.0, which was released today.
As ARK is the default extractor in the KDE desktop environment and used in almost all Linux distributions, all users are advised to install the latest update as soon as possible..."