Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking

Most critical of the bugs allowed attackers to root federated instances.

https://arstechnica.com/security/2023/07/mastodon-fixes-critical-tootroot-vulnerability-allowing-node-hijacking/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

@arstechnica "He said a researcher who uses the handle @cure53 performed the pentesting" https://en.m.wikipedia.org/wiki/Cure53

@arstechnica Hey @leo, did you install this update on TWiT.social? Just wondering...

@jann @arstechnica @leo

It is fixed in version v4.1.3. Looks like our server is running the latest so it is good.

https://github.com/mastodon/mastodon/releases

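A quick way to verify what the reply above does by hand, as an added example that is not from the thread or from the Mastodon project: Mastodon instances publish their running version in the `version` field of the JSON returned by `GET /api/v1/instance`. The script below parses that field and compares it against v4.1.3, the fixed release named in the thread. The JSON body is a constructed sample standing in for a real response, the `example.social` hostname is made up, and the threshold treats anything below 4.1.3 as unpatched, which also flags older release branches (adjust `FIXED_VERSION` if you follow a different branch).

```python
import json
import re

# Fixed release as named in the thread above; adjust for other release branches.
FIXED_VERSION = "4.1.3"

# Constructed sample of the JSON an instance returns from GET /api/v1/instance.
# Only the "version" field matters for this check; other fields are omitted.
# The hostname is made up for the example.
SAMPLE_INSTANCE_JSON = '{"uri": "example.social", "version": "4.1.2+glitch"}'

# Leading numeric triple; forks and pre-releases append suffixes such as
# "+glitch" or "-beta1", which this check deliberately ignores.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version):
    """Return (major, minor, patch) parsed from a Mastodon version string.

    "4.1.3", "4.2.0-beta1" and "4.1.2+glitch" all reduce to their numeric
    triple; anything that does not start with one is rejected rather than
    silently treated as patched.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version, fixed=FIXED_VERSION):
    """True if the reported version is at or above the fixed release."""
    return parse_version(version) >= parse_version(fixed)


def check_instance_json(body):
    """Evaluate an /api/v1/instance response body.

    Returns (reported_version, patched). Raises if the body carries no
    version string, so a missing field is never mistaken for a patched host.
    """
    data = json.loads(body)
    version = data.get("version")
    if not isinstance(version, str):
        raise ValueError("instance response has no version field")
    return version, is_patched(version)


if __name__ == "__main__":
    # With a live instance you would fetch the body from https://<host>/api/v1/instance.
    reported, ok = check_instance_json(SAMPLE_INSTANCE_JSON)
    print(f"{reported}: {'patched' if ok else 'UNPATCHED, update now'}")
```

The version string is self-reported by the instance, so this tells you what the admin's software claims to be, not what is actually deployed; on your own server, confirm against the checked-out release as well.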
@arstechnica Those running personal instances: install the security update *now* (if you haven't already). Now that the details are out, people will be looking for unpatched instances to exploit.
@arstechnica Not sure I completely understand, but it sounds scary