Critical Vulnerabilities in Mastodon Software Patched


The developers of Mastodon, a popular social networking software, are currently addressing four security vulnerabilities. Two of these vulnerabilities are classified as critical, as they allow for the execution of malicious code, potentially compromising Mastodon servers.

One of the critical vulnerabilities involves attackers using carefully crafted media files to trick Mastodon into creating arbitrary files at any location within its system. This allows them to inject their own code or initiate a denial of service attack. The other critical vulnerability involves malicious actors manipulating oEmbed data to bypass HTML filtering and inject arbitrary HTML into oEmbed preview cards. This can lead to cross-site scripting attacks.

There is also a high-risk vulnerability where a malicious server can indefinitely lengthen the response time for outgoing HTTP requests, resulting in a denial of service. Additionally, attackers can manipulate “verified profile” links to make them appear as if they are directing to different destinations.

To address these vulnerabilities, Mastodon has released versions 4.1.3, 4.0.5, and 3.5.9. It is strongly recommended that Mastodon users update their software promptly to mitigate the risk posed by these vulnerabilities. The updated versions can be found on the Mastodon GitHub project.

In related news, a new social networking platform called Threads has been launched. It is planned to be connected to the Fediverse, allowing users to move seamlessly between Threads and Mastodon instances while retaining their followers.

Overall, it is crucial for Mastodon users to stay informed about security updates and take necessary precautions to protect their data and privacy online.
