A critical vulnerability was found in the `xz` library earlier this week.
A sophisticated and well-planned backdoor was planted in `xz`, a popular and critical library that uses the LZMA lossless compression algorithm and, under a particular setup, can be loaded by the SSH daemon.
If it hadn’t been caught, it could have reached millions, if not more, of Linux servers around the world and given an attacker root access for remote code execution. This means systems such as web servers, networking equipment, industrial systems, personal and home appliances, and more.
Read my attempt to make sense of what happened in my latest blog post → https://www.yieldcode.blog/post/xz-backdoor/