A serious vulnerability in the XZ Utils library has been exploited, allowing attackers to install backdoors on Linux distributions to penetrate and control the system.

The vulnerability was discovered in XZ versions 5.6.0 and 5.6.1 of the XZ Utils library. Hackers took advantage of this error to insert sophisticated malicious code into the download package of the XZ library. The consequences of this are very serious, causing irreversible losses. Hackers can use backdoors to perform other attacks, such as gaining unauthorized access to the system, infecting other viruses, or stealing important user information.

The vulnerability is identified with the code CVE-2024-3094, with a CVSS score of 10/10. This is a high-severity supply chain attack and there is no patch information yet.

Bkav experts recommend that users should immediately stop using Fedora versions that are in the development and testing stages, switch to using version XZ 5.4.6 and carefully review their systems to ensure safety. ensure safety.