Ubuntu ‘Command Not Found’ Open to Exploit, Warn Experts

Researchers at Aqua Nautilus say they’ve identified a security issue with the way Ubuntu’s “command not found” feature works that attackers could exploit to trick users into installing malicious snaps. In a lengthy blog post detailing their investigation, the security outfit conclude that “the risk of attackers exploiting the ‘command-not-found’ utility to recommend their own malicious snap packages is a pressing concern”. “The true peril lies in the potential scope of this issue, with attackers capable of mimicking thousands of commands from widely-used packages,” adding “past instances of malicious packages appearing in the Snap Store highlight this issue.” What’s the
#News

https://www.omgubuntu.co.uk/2024/02/security-researchers-detail-ubuntu-security-flaw