i am root on Nostr: I found the bad version of xz on my Macbook, but fortunately it looks like it ...
I found the bad version of xz on my Macbook, but fortunately it looks like it doesn’t actively exploit macOS. 😬
It was installed via Brew due to being a dependency in 4 other packages I actively use. Brew had a patch waiting, which curiously just downgraded xz to an earlier version.
"These conditions include targeting only x86-64 linux" and "due to the working of the injected code... it is likely the backdoor can only work on glibc based systems."
#xz #cve20243094
https://mastodon.social/@AndresFreundTec/112180083704606941
It was installed via Brew due to being a dependency in 4 other packages I actively use. Brew had a patch waiting, which curiously just downgraded xz to an earlier version.
"These conditions include targeting only x86-64 linux" and "due to the working of the injected code... it is likely the backdoor can only work on glibc based systems."
#xz #cve20243094
https://mastodon.social/@AndresFreundTec/112180083704606941