
The "Trojan Source" vulnerability


[Security] Posted Nov 1, 2021 14:22 UTC (Mon) by corbet

The latest branded and trademarked vulnerability type is called "Trojan Source". By playing tricks with Unicode bidirectional support, an attacker can create malicious code that appears to be benign to reviewers. "The attack is to use control characters embedded in comments and strings to reorder source code characters in a way that changes its logic." Various releases, including Rust 1.56.1, are being made to address this problem.
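A reviewer-side check for the control characters described above, as an added example that is not part of the original article or of any project's fix: it reports every explicit Unicode bidirectional formatting character in a source text and whether the line leaves one unterminated. The function name, the sample text and the simplified per-line balance count are assumptions of this example.

```python
import unicodedata

# Explicit bidirectional formatting characters defined by Unicode UAX #9.
EMBED_OPEN = {"\u202a", "\u202b", "\u202d", "\u202e"}  # LRE, RLE, LRO, RLO
ISOLATE_OPEN = {"\u2066", "\u2067", "\u2068"}          # LRI, RLI, FSI
PDF, PDI = "\u202c", "\u2069"                          # their terminators
BIDI_CONTROLS = EMBED_OPEN | ISOLATE_OPEN | {PDF, PDI}

# Constructed sample, written with escapes so nothing here is invisible.
SAMPLE = (
    "fn main() {\n"
    "    let x = 1;\n"
    "    // checked \u202e by reviewer\n"
    "    let s = \"\u2067abc\u2069\";\n"
    "}\n"
)


def scan_source(text):
    """Return (line, column, "U+XXXX", name, unterminated) per bidi control.

    `unterminated` is True when the line ends with an embedding, override or
    isolate still open (simplified count: PDF closes embeddings and overrides,
    PDI closes isolates), so the reordering runs to the end of the line.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hits, embeds, isolates = [], 0, 0
        for col, ch in enumerate(line, start=1):
            if ch not in BIDI_CONTROLS:
                continue
            hits.append((col, ch))
            if ch in EMBED_OPEN:
                embeds += 1
            elif ch in ISOLATE_OPEN:
                isolates += 1
            elif ch == PDF:
                embeds = max(0, embeds - 1)
            else:  # PDI
                isolates = max(0, isolates - 1)
        open_at_eol = embeds > 0 or isolates > 0
        for col, ch in hits:
            findings.append((line_no, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch), open_at_eol))
    return findings


if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

Any finding in a code base that has no right-to-left text is worth a look in a hex-aware viewer; unterminated ones are the first to check.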



Copyright © 2021, Eklektix, Inc.