KDE: Zero-Day Found In Desktop Environment Undetected Code Execution

If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while.

A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user's computer—without even requiring the victim to actually open it.

KDE Plasma is one of the most popular open-source widget-based desktop environment for Linux users and comes as a default desktop environment on many Linux distributions, such as Manjaro, openSUSE, Kubuntu, and PCLinuxOS.

The link for this article located at The Hacker News is no longer available.