Marshall Sutherland (Posting with Hubzilla) wrote the following post Sat, 08 Jul 2023 05:43:49 +0200Critical TootRoot bug lets attackers hijack Mastodon servers
Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical that allows hackers to create arbitrary files on the server using specially crafted media files.

Mastodon has about 8.8 million users spread across 13,000 separate servers (instances) hosted by volunteers to support distinct yet inter-connected (federated) communities.

All the four issues fixed were discovered by independent auditors at Cure53, a company that provides penetration testing for online services. The auditors inspected Mastodon's code at Mozilla's request.
#security