Update Docker Desktop Now to Patch Critical Remote Code Execution Flaw

CVE: CVE-2023-0625
CVSS (v3.1): 8
Source: CVE-2023-0625

Docker Desktop is a popular tool used by many developers to build and share containerized applications and microservices. Unfortunately, versions before 4.12.0 of Docker Desktop are vulnerable to a critical remote code execution (RCE) flaw.

Attackers can exploit this vulnerability by crafting a malicious extension description or changelog update that gets processed by the vulnerable Docker Desktop installation. This allows the execution of arbitrary code on the targeted system with the privileges of the Docker Desktop process.

As Docker Desktop runs with elevated privileges, a successful exploit of this issue could allow an attacker to completely take over the host system and install programs, view and steal data, or conduct other malicious activities without the user’s knowledge or permission.

The good news is that Docker has released version 4.12.0, which patches this vulnerability. All Docker Desktop users are strongly advised to update to version 4.12.0 or later immediately. You can check for updates through the Docker Desktop user interface or download the latest release directly from the Docker website.
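To confirm which machines still need the update, the following added example (not from Docker or the original advisory) triages collected `docker version` output against the 4.12.0 threshold. It assumes the output contains a line of the form `Server: Docker Desktop <version> (<build>)`; the host names and sample outputs are constructed.

```python
import re

# First patched Docker Desktop release according to the advisory.
FIXED = (4, 12, 0)

# Assumption: Docker Desktop hosts report a line such as
# "Server: Docker Desktop 4.12.0 (<build>)" in `docker version` output.
_SERVER_LINE = re.compile(
    r"^Server:\s*Docker Desktop\s+(\d+)\.(\d+)\.(\d+)", re.MULTILINE
)

def desktop_version(docker_version_output):
    """Return the Docker Desktop version as an int tuple, or None if absent."""
    match = _SERVER_LINE.search(docker_version_output)
    return tuple(int(part) for part in match.groups()) if match else None

def triage(docker_version_output):
    """Classify one host as 'vulnerable', 'patched' or 'unknown'."""
    version = desktop_version(docker_version_output)
    if version is None:
        return "unknown"  # not Docker Desktop, or output could not be parsed
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "4.9.1" above "4.12.0".
    return "vulnerable" if version < FIXED else "patched"

def triage_inventory(inventory):
    """Map each host name to its triage result."""
    return {host: triage(output) for host, output in inventory.items()}

# Constructed sample inventory (host names and build numbers are made up).
SAMPLES = {
    "dev-laptop-01": "Client:\n Version: 20.10.16\n\n"
                     "Server: Docker Desktop 4.9.1 (00001)\n Engine:\n",
    "dev-laptop-02": "Client:\n Version: 20.10.17\n\n"
                     "Server: Docker Desktop 4.12.0 (00002)\n Engine:\n",
    "dev-laptop-03": "Client:\n Version: 20.10.21\n\n"
                     "Server: Docker Desktop 4.15.0 (00003)\n Engine:\n",
    "build-server": "Client:\n Version: 20.10.17\n\n"
                    "Server: Docker Engine - Community\n Engine:\n",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLES).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since the script cannot tell whether Docker Desktop is installed there at all.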

By updating your Docker Desktop installation, you can protect yourself and your data from any potential attacks targeting this critical RCE flaw. Staying on top of software updates is one of the best ways to help secure your devices and online accounts.
