KDE Linux Desktops are vulnerable to hack just by downloading Malicious files

Researcher discloses an unpatched KDE vulnerability that can run malicious code on a user's system

August 8, 2019 · 1 min · 55 words · Eric Zimmerman

KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class.

Some of the entries in this tag include Icon, Name, etc.

The exploit is dependent on the entry that gets read by the KConfigGroup::readEntry() function.

KDE LINUX

Meanwhile, the KDE team have acknowledged the vulnerability and are currently working on a fix.

spot_img