Volunteer engineer finds cybersecurity threat in XZ Utils

The Japan Times April 9, 2024, 10:00 AM UTC

Summary: Andres Freund, a volunteer software engineer, uncovered a potentially massive cybersecurity threat in XZ Utils, an open-source data compression utility used widely in Linux systems. The issue could have led to a significant backdoor breach. This incident underscores the critical role of open-source software in the digital economy and the often unacknowledged efforts of volunteers like Freund in maintaining cybersecurity.


Timeline:

  1. [5.5]
    XZ Utils backdoored for covert SSH access on Linux (Help Net Security)
    152d 12h

  2. [5.6]
    Malicious code found in XZ Utils on Good Friday (The Guardian)
    154d 10h

  3. [6.6]
    Andres Freund prevented cybersecurity breach in XZ Utils software (The Hindu)
    154d 20h

  4. [5.6]
    Andres Freund uncovers sabotage in XZ Utils, preventing crisis (The Japan Times)
    155d 0h

  5. [6.1]
    Backdoor discovered in XZ Utils by Microsoft developer (The Intercept)
    157d 2h

  6. [5.9]
    Free online scanner detects XZ Utils backdoor in Linux (TechRadar)
    157d 9h

  7. [6.2]
    Linux narrowly avoided cyber attack from XZ Utils backdoor (The Verge)
    158d 1h

  8. [5.7]
    Supply chain attack targets XZ Utils in Linux distributions (Cybersecurity Dive)
    158d 3h

  9. [7.2]
    Backdoor in XZ Utils allows unauthorized root access (WIRED)
    158d 16h

  10. [5.9]
    Backdoor in XZ Utils poses security risk in Linux (Nextgov/FCW)
    159d 9h

  11. [5.8]
    Critical Linux vulnerability; update XZ Utils before 5.6.0 (IT World Canada)
    159d 13h

  12. [5.9]
    Backdoor found in xz Utils for Linux systems (Ars Technica)
    159d 18h

  13. [6.3]
    Critical xz package vulnerability discovered on Debian, CVE-2024-3094 (TechRadar)
    160d 4h

  14. [5.9]
    XZ Utils compromised by maintainer "Jia Tan" (Help Net Security)
    160d 6h

  15. [6.6]
    Critical XZ Utils vulnerability allows unauthorized system access (Help Net Security)
    160d 17h

  16. [5.9]
    Critical security flaw in xz-utils threatens Linux and macOS (Security Boulevard)
    160d 20h

  17. [5.5]
    Malicious code in xz libraries poses security threat (The New Stack)
    161d 6h

  18. [4.3]
    Backdoor in xz compression utility version 5.6.0 discovered (SC Media)
    162d 1h

  19. [4.1]
    Backdoor found in xz Utils 5.6.0/5.6.1, affecting Linux distributions (Ars Technica)
    162d 5h

  20. [6.1]
    Critical XZ Utils vulnerability (CVE-2024-3094) compromises Linux systems (Help Net Security)
    162d 7h