Critical Security Alert Released After Malicious Code Found in XZ Utils

 

On Friday, Red Hat issued a high-priority security alert regarding a discovery related to two versions of a widely-used data compression library called XZ Utils (formerly known as LZMA Utils). It was found that these specific versions of the library contained malicious code intentionally inserted by unauthorized parties. 
This code was designed with the malicious intent of allowing remote access to systems without authorization. This unauthorized access can lead to serious security threats to individuals and organizations utilizing these compromised versions of the library, potentially leading to data breaches or other malicious activities. 
The discovery and reporting of the issue have been attributed to Microsoft security researcher Andres Freund. It was revealed that the malicious code, which was heavily obfuscated, was introduced through a sequence of four commits made to the Tukaani Project on GitHub. These commits were attributed to a user named Jia Tan (JiaT75). 
What XZ Utils Used For? 
XZ is a compression tool and library widely utilized on Unix-like systems such as Linux. It is renowned for its ability to significantly reduce file sizes while maintaining fast decompression

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: