Mastodon, the free alternative to Twitter, victim of a critical flaw


Mathilde Rochefort

February 6, 2024 at 12:20 p.m.



This is not the first time that Mastodon has been the victim of a security breach. © Tada Images / Shutterstock

Mastodon, the open source social network, was hit by a major vulnerability that allows malicious actors to take control of any account. Although the platform has released a fix, it is not certain that every server has applied it yet.

Created in 2016, Mastodon saw a major surge in popularity in late 2022, when Elon Musk bought Twitter for $44 billion. Because some users feared the platform would evolve in a direction that did not suit them, the acquisition brought Mastodon 1 million additional users. The platform now counts 12 million and has advantages that X.com cannot claim, starting with the decentralization of its servers. However, it is also exposed to significant security vulnerabilities.

A severity rating of 9.4 out of 10

Discovered by a cybersecurity researcher, the CVE-2024-23832 vulnerability is described as an “origin validation error”. It carries a severity rating of 9.4 out of a maximum of 10. Malicious actors can exploit it to fully compromise Mastodon servers, giving them access to sensitive user information and communications and allowing them to install backdoors.

The repercussions can be dramatic for individual users, for communities and for the integrity of the platform, and can lead to identity theft. Although Mastodon has already released a patch, every administrator still needs to update promptly to secure their instance against potential risks. The social network’s servers are in fact hosted and operated independently, with each administrator setting their own rules, applied locally.

For their part, users are powerless against this vulnerability, but they can check that the administrators of the server they use have applied the update. Otherwise, their account may be compromised.


Mastodon stands out as an alternative to X.com and Threads. © Juan Roballo / Shutterstock

Not a first

Aware of the extent of the flaw, Mastodon alerted administrators via a highly visible banner inviting them to perform the critical update. The platform has not yet shared details about the vulnerability, but plans to publish further information about it on February 15.

Last July, Mastodon’s teams fixed two other flaws that could have been exploited to carry out a denial-of-service attack or achieve remote code execution.


Source: The Hacker News

Mathilde Rochefort

After my journalism studies, I decided to focus on areas that fascinate me: new technologies, video games, or even astronomy. I love sharing around these subjects but my curiosity leads me to discuss many other subjects through my articles.
