Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, including a critical one that allows hackers to create arbitrary files on instance-hosting servers using specially crafted media files.
  • Sphere@reddthat.com
    9·
    1 year ago

    IMHO Mastodon needs to have some kind of automatic update scheme to roll out bugfixes to these kinds of problems quickly … if there are enough instances out there vulnerable to this or any subsequent issues like it, we could end up with a situation where someone starts coopting Mastodon servers as part of botnets and costing their owners a ton of money in bandwidth bills, getting them IP-banned in various places, etc. The only way to fix this is fast automatic updating.

  • GVasco
    1·
    1 year ago

    Very interesting! In the age of federated social networks it’s even more important that everyone create and use unique credentials on every instance and service they register with!