LG G1 OLED TV review SpaceX to send Artemis astronauts to moon Game of Thrones at 10 DogeCoin's rise Apple's April 20 iPad event Child tax credit's monthly check

KDE flaws put Linux, Unix systems at risk

Critical vulnerability in open-source software bundle could allow a remote attacker to commandeer a vulnerable system.

A serious vulnerability has been found in the popular KDE open-source software bundle. The flaw, deemed "critical" by the research outfit the French Security Incident Response Team, could allow a remote attacker to gain control over vulnerable systems. KDE is a desktop software package for Linux and Unix systems and includes the Konqueror Web browser and other applications.

The vulnerability lies in the JavaScript interpreter engine used by Konqueror and other parts of KDE, according to a security advisory posted Thursday. An attacker could craft a special UTF-8 encoded URI sequence to exploit the flaw, according to the advisory. For an attack to be successful, a person would have to visit the attacker's Web page using Konqueror, the FrSIRT said in its alert. Affected are KDE 3.2.0 up to and including KDE 3.5.0. Fixes are available.