Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Expert publicly disclosed a zero-day vulnerability in KDE

A security expert has published PoC code exploit for a vulnerability in the KDE software framework that is yet to be fixed. The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an unpatched KDE vulnerability on Twitter. “KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.” The KDE Frameworks is […]

KDE frameworks

A security expert has published PoC code exploit for a vulnerability in the KDE software framework that is yet to be fixed.

The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an unpatched KDE vulnerability on Twitter.

“KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.”

The KDE Frameworks is currently adopted by several Linux distros, including Kubuntu, OpenMandriva, openSUSE, and OpenMandriva.

The vulnerability affects the KDE Frameworks package 5.60.0 and prior, it is caused by the way the KDesktopFile class handles .desktop or .directory files.

“KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class. When a .desktop or .directory file is instantiated, it unsafely evaluates environment variables and shell expansions using KConfigPrivate::expandString() via the KConfigGroup::readEntry() function.” reads a post published by the expert. “Using a specially crafted .desktop file a remote user could be compromised by simply downloading and viewing the file in their file manager, or by drag and dropping a link of it into their documents or desktop.”

The vulnerability could be exploited by attackers by using specially-crafted .desktop and .directory files that allow running malicious code on the victim’s computer.

The expert explained that browsing a folder with the KDE file viewer that contains where these files are stored, it will cause the execution of the malicious code in the .desktop or .directory files.

“When we combine this /feature/ with the way KDE handles .desktop and .directory files, we can force the file to evaluate some of the entries within the [Desktop Entry] tag.” the expert added. “Some of the entries in this tag include “Icon”, “Name”, etc. The exploit is dependent on the entry that gets read by the KConfigGroup::readEntry() function.”

The flaw can be used by attackers to drop shell commands inside the standard “Icon” entries found in .desktop and .directory files

“So for example, if we were to browse to the malicious file in our file manager (dolphin), the Icon entry would get called in order to display the icon.” Penner explained. “Since we know this, we can use a shell command in place of the Icon entry, which in turn will execute our command whenever the file is viewed. Theoretically, if we can control config entries and trigger their reading, we can achieve command injection / RCE.”

Below a video PoC shared by Penner and published by ZDNet:

Penner did not report the flaw to the KDE team because he wanted to release a zero-day flaw before Defcon.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – KDE, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]