The developers of the P2P Bitmessage protocol announced the discovery of a critical flaw in PyBitmessage v.0.6.2 for Linux, Mac and Windows.
The vulnerability enables an attacker to remotely execute a script code or open a reverse shell, and access all files, including cryptocurrency wallets.
Peter Šurda – the core developer of this protocol – also fell victim to an attack, which he reported on Twitter.
Recommendation in relation to the Bitmessage protocol RCE vulnerability
The most important thing is to quickly upgrade PyBitmessage to 0.6.3.2 or downgrade to PyBitmessage 0.6.1. Additionally, it is recommended to change the passwords on potentially compromised computers and generate new software keys.
This is yet another 0-day, we have heard about recently. Just a while back, we also wrote about the Adobe Flash Player case.
Source: The Hacker News
—
Do you need cybersecurity solutions for your company – contact us.
