Skype's Debian Package Could Allow Attackers To Completely Takeover Machines - Updated

Security researcher Enrico Weigelt uncovered a critical security issue in the way Skype installs itself on Debian Linux machines, adding its Microsoft's APT repository in the system's sources.list file.

Skype's Debian package uses an APT configuration profile which automatically inserts Microsoft's apt repository to the default system package sources which would allow anyone with access to it to hypothetically use malicious tools to compromise the machine.

In layman's terms, APT repositories are collections of .deb packages used as the central storage, management and delivery platform for all Debian-based Linux machines.

The APT repositories can be used to install, remove, or update applications on a Debian machine with the help of the apt-get command.

After obtaining control of Microsoft's Debian apt repository, an attacker would be able to inject malicious content in var... (read more)

from Softpedia News / Global https://ift.tt/2OBtZ2R