Irresponsible Disclosure of a KDE Vulnerability on Twitter
212Dominik “zer0pwn” Penner published a KDE design flaw on Twitter. Just viewing a malicious .desktop or .directory file with Dolphin file manager can result in malicious code being executed on a users system. This vulnerability was designated CVE-2019-14744.
Sources:
https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/
https://twitter.com/zer0pwn/status/1158167374799020039
https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt
https://twitter.com/kdecommunity/status/1159224511499309056
https://kde.org/info/security/
https://kde.org/info/security/advisory-20190807-1.txt
https://mail.kde.org/pipermail/kde-announce/2019-August/000047.html
https://www.cybersecurity-help.cz/vdb/SB2019081004?affChecked=1
https://security-tracker.debian.org/tracker/source-package/kconfig
https://kubuntu.org/news/fixes-for-recent-kde-desktop-vulnerability/
https://paper.seebug.org/1008/
Wallpaper: https://www.pling.com/s/Antiques/p/1316958/
Like my channel? Please help support it:
Patreon: https://www.patreon.com/quidsup
Paypal: https://www.paypal.me/quidsup
Follow me on Social Media
Twitter: https://twitter.com/quidsup
MeWe: https://mewe.com/i/quidsup
Minds: https://minds.com/quidsup
#KDE #Vulnerability #Malware