Update Deepin Compressor Now to Patch Critical RCE Flaw

CVE: CVE-2023-50255
CVSS v3.1: 9.3
Source: CVE-2023-50255

Deepin Compressor, the default archive manager used in Deepin Linux, had a serious vulnerability that could allow hackers to take control of affected systems remotely.

The path traversal flaw meant that specially crafted archive files could trick Deepin Compressor into executing arbitrary code with root privileges simply by opening the file. This would give attackers full access to view, modify or delete files without the user’s knowledge.

While the technical details of the exploit are complex, it essentially abuses vulnerabilities in how the software handles and interprets file paths. By manipulating the paths in a malicious archive, a hacker could execute any code or program of their choice on the target machine.
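The kind of check that stops a path traversal archive, as an added example (it is not Deepin Compressor's code or its actual fix): before extracting, resolve every entry name against the destination directory and flag any entry that would land outside it. The function names, the sample entries and the `/srv/extract` destination are constructed for illustration, and the example uses ZIP only.

```python
import io
import os
import zipfile


def unsafe_members(archive_bytes, dest_dir):
    """Return the names of ZIP entries that would resolve outside dest_dir."""
    dest_root = os.path.realpath(dest_dir)
    flagged = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators too, so Windows-style names
            # cannot slip past the check.
            name = info.filename.replace("\\", "/")
            # An absolute entry name makes os.path.join discard dest_root,
            # and ".." components are collapsed by realpath.
            target = os.path.realpath(os.path.join(dest_root, name))
            # commonpath equals dest_root only when target is inside it.
            if os.path.commonpath([dest_root, target]) != dest_root:
                flagged.append(info.filename)
    return flagged


def build_sample_archive():
    """Constructed sample: two benign entries and two that escape the target."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        zf.writestr("../../outside.txt", "x")   # climbs out with ".."
        zf.writestr("/tmp/absolute.txt", "x")   # absolute path
        zf.writestr("docs/../notes.txt", "ok")  # ".." that stays inside
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_members(build_sample_archive(), "/srv/extract"):
        print("refusing to extract:", name)
```

The check covers entry names only; an extractor also has to handle symbolic-link entries inside the archive, which this example does not inspect.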

All users are strongly recommended to update their installation of Deepin Compressor to version 5.12.21 or later as soon as possible. This update fixes the path traversal issue and closes the remote code execution possibility.

There are no workarounds other than updating, so users should prioritize installing any available patches or upgrades for Deepin Compressor rather than remain exposed. Taking quick action greatly reduces the risk of this critical vulnerability being exploited for malicious purposes like installing malware or stealing sensitive data.
