Arthur Besse@lemmy.ml to

Fediverse@lemmy.mlEnglish · 9 months ago

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

cross-posted to:
[email protected]

191

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

Arthur Besse@lemmy.ml to

Fediverse@lemmy.mlEnglish · 9 months ago

cross-posted to:
[email protected]

Remote user impersonation and takeover

### Summary Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as...

Chat

Atelopus-zeteki@kbin.run
link
fedilink
arrow-up
2·
9 months ago
Hmm, so if one is on iOS, the current version 2023.16, and is vulnerable. Take note apple / mac folx.
- Arthur Besse@lemmy.mlOP
  link
  fedilink
  arrow-up
  20·
  9 months ago
  No, this is a server-side vulnerability. Clients do not need to update, instances do.
  - Atelopus-zeteki@kbin.run
    link
    fedilink
    arrow-up
    2·
    9 months ago
    TY!

Fediverse@lemmy.ml

fediverse@lemmy.ml

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of “federation” and “universe”.

Getting started on Fediverse;

What is the fediverse?
- Short ver.
- Full ver.
Fediverse Platforms
How to run your own community

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

28 users / day
93 users / week
719 users / month
3.47K users / 6 months
1 local subscriber
17.7K subscribers
1.22K Posts
16K Comments
Modlog