There is a vulnerability in the Plasma desktop that KDE developers are currently working to patch. The details are here.

For the moment avoid downloading .desktop or .directory files and extracting archives from untrusted sources.

Also, if you discover a similar vulnerability, it is best to send an email before making it public. This will give us time to patch it and keep users safe before the bad guys try to exploit it. Downloads of .desktop files should in general be treated about as suspiciously as .lnk files on Windows.
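Added example, not part of the original posts and not KDE code: a pre-extraction check that lists the members of a zip or tar archive whose names match the two file types named above, without unpacking anything. The function names and the sample archives are constructed for illustration.

```python
import io
import posixpath
import tarfile
import zipfile

# File types the posts above say to avoid from untrusted sources.
RISKY_SUFFIXES = (".desktop", ".directory")

def member_names(data: bytes) -> list[str]:
    """List member names of a zip or (optionally compressed) tar archive."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            return zf.namelist()
    buf.seek(0)
    with tarfile.open(fileobj=buf, mode="r:*") as tf:  # raises ReadError if not a tar
        return tf.getnames()

def risky_members(data: bytes) -> list[str]:
    """Return members whose basename ends in .desktop or .directory."""
    flagged = []
    for name in member_names(data):
        # Compare case-insensitively; a hidden file named ".directory" also matches.
        base = posixpath.basename(name.rstrip("/")).lower()
        if base.endswith(RISKY_SUFFIXES):
            flagged.append(name)
    return flagged

def build_sample_zip() -> bytes:
    """Constructed sample input: a small zip held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("theme/README.txt", "theme/.directory", "theme/Launcher.DESKTOP"):
            zf.writestr(name, b"constructed")
    return buf.getvalue()

def build_sample_tar() -> bytes:
    """Constructed sample input: a small gzip-compressed tar held in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name in ("pkg/app.desktop", "pkg/notes.txt"):
            tf.addfile(tarfile.TarInfo(name))  # empty regular file
    return buf.getvalue()

if __name__ == "__main__":
    print(risky_members(build_sample_zip()))
    print(risky_members(build_sample_tar()))
```
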

"Researcher did not notify KDE team" What a shit and what a strange excuse.
But please, make KDE safer and stay that way, because I really like it.

@kde sucks Penner just wanted props before defcon. I hope it's not too much hassle for you.
