Vulnerability discovered in kde plasma

A security researcher has released a story that may be of great concern to those who use KDE Plasma on Linux. Since a vulnerability has been found that is too easy to exploit. This gap allows the execution of malicious code including.desktop and.directory files. Found in KDE Frameworks 5.60.0 and earlier, impacting versions 4 and 5 of the desktop environment.

Vulnerability discovered in KDE Plasma

The exploitation of the bug is based on the way the KDesktopFile class handles the.desktop and.directory files. It has been discovered that it is possible to create files with malicious code, which are then executed on the computer.

Serious security breach

KDE Plasma generates a.directory file in every folder that has been visited using Dolphin. Being hidden by default, and being elementary, it is easy to camouflage it in a compressed file. Therefore, the attacker can create the compressed file with a folder inside, where the malicious file is. When the victim unzips it, it accesses Dolphin, which automatically reads the.directory file and the malicious code then runs.

Although this rules out a remote attack, it is still a fairly easy way to access a victim's computer. So it is something that has generated a lot of concern among users, seeing how easy it can be exploited.

KDE Plasma has not given any reaction so far. Although it is to be hoped that there will be some additional security measure on your part soon, to prevent attacks based on this failure. It is a serious vulnerability, but it can be corrected. We hope it happens soon.

The Hacker News Font