There is a vulnerability in the Plasma desktop that KDE developers are currently working to patch. The details are here.

zdnet.com/article/unpatched-kd

For the moment avoid downloading .desktop or .directory files and extracting archives from untrusted sources.

Also, if you discover a similar vulnerability, it is best to send an email security@kde.org before making it public. This will give us time to patch it and keep users safe before the bad guys try to exploit it.

Follow

@kde
"Researcher did not notify KDE team" What a shit and what a strange excuse.
But please, make KDE safer and stay that way, because I really like it.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!