Comment on How does the xz incident impacts the average user ? #xz
Jimmycrackcrack@lemmy.ml 7 months agoI’m still confused exactly what the circumstances would be where this worked as the attacker intended. Would simply having the infected liblzma version on the system create the vulnerability or does something have to happen to invoke it and then what? What’s he chain of events that would have happened had this worked perfectly and gone undetected? I tried to read some of the more detailed analysis but the stuff went way over my head.
Also, what about Mac OS? Can the package create any vulnerability there if installed via homebrew as it’s reported to have done in some cases? Or is that environment also not right for it to work?
neatchee@lemmy.world 7 months ago
Here’s how it was intended to work:
NeatNit@discuss.tchncs.de 7 months ago
Thank you! I believe this is what the OP was asking, and it’s definitely what I wanted to know :)
Do we know what the payload is?
neatchee@lemmy.world 7 months ago
Arbitrary. It could be whatever they wanted at any time