[ JAN 24, 2019 ]
Security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by a remote, man-in-the middle attacker to compromise Linux machines.
The flaw, apparently, once again demonstrates that if the software download ecosystem uses HTTPS to communicate safely, such attacks can easily be mitigated at the first place.
Discovered by Max Justicz, the vulnerability (CVE-2019-3462) resides in the APT package manager, a widely used utility that handles installation, update and removal of software on Debian, Ubuntu, and other Linux distributions.
Cyber Security Tips :
The developers of APT software have released updated version 1.4.9 to fix the reported remote code execution vulnerability.
It is highly recommended for Linux users to update their systems as soon as possible.