MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
may
Recherche

If you installed PEAR PHP in the last 6 months, you may be infected

mercredi 23 janvier 2019, 21:10 , par Ars Technica
Enlarge (credit: Thomas Hawk)
Officials with the widely used PHP Extension and Application Repository have temporarily shut down most of their website and are urging users to inspect their systems after discovering hackers replaced the main package manager with a malicious one.
“If you have downloaded this go-pear.phar [package manager] in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes,” officials wrote on the site’s blog. 'If different, you may have the infected file.”
The officials didn’t say when the hack of their Web server occurred or precisely what the malicious version of go-pear.phar did to infected systems. Initial indications, however, look serious. For starters, the advice applies to anyone who has downloaded the package manager in the past six months. That suggests the hack may have occurred in the timeframe of last July, and no one noticed either it or the tainted download until this week.
Read 6 remaining paragraphs | Comments
https://arstechnica.com/?p=1445437
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
ven. 22 nov. - 11:30 CET