Mastodon hit by security flaw — top Twitter alternative acts fast to patch critical security issue that could have let hackers hijack user accounts
Top Twitter alternative Mastodon was found to be carrying a high-severity vulnerability which could have been used by hackers to impersonate people and take over their accounts.
The flaw is tracked as CVE-2024-23832, and has a severity rating of 9.4. It affects all Mastodon versions before 3.5.17, 4.0.13, and 4.2.5.
The vulnerability has now been patched, with administrators advised to apply it without delay. Specific details on the flaw are currently being withheld, as Mastodon wants to give admins enough time to patch. The project promised to share more information on February 15, BleepingComputer reports.
Decentralization and patching
For those who don’t know, Mastodon is an open source, decentralized social networking platform, which rose to (relative) prominence after Elon Musk bought Twitter.
In “fear” of radical changes to Twitter, many people flocked to Mastodon, which now allegedly houses 12 million users.
Mastodon works on the basis of instances – communities with unique guidelines and policies, governed by their administrators. The instances are then interconnected in a system Mastodon refers to as “federation”.
Being decentralized also makes it somewhat more difficult to patch. Every admin needs to patch their own instance, and Mastodon has placed a big banner on each server to alert the administrators. They have until mid-February to protect their users, after which their accounts will be vulnerable to the hijacking flaw.
Mastodon may not be the powerhouse Twitter is, but its user base is hardly negligible. As such, threat actors are also hunting for potential vulnerabilities on the platform. Last summer, the project fixed a critical vulnerability tracked as CVE-2023-36460, called “TootRoot”. This flaw allowed threat actors to send “toots” (posts) that could create web shells on target instances. The flaw granted the attackers full control over the vulnerable server, including access to sensitive user information.
More from TechRadar Pro
Top Twitter alternative Mastodon was found to be carrying a high-severity vulnerability which could have been used by hackers to impersonate people and take over their accounts. The flaw is tracked as CVE-2024-23832, and has a severity rating of 9.4. It affects all Mastodon versions before 3.5.17, 4.0.13, and 4.2.5. …
Recent Posts
- MSI Claw after more updates: nope, it’s still a dud
- 5 must-see movies coming to Prime Video for Pride Month 2024
- My iPhone 15 Pro Max lacks the one thing that made my old iPhone 13 Pro so attractive
- ICYMI: the week’s 8 biggest tech stories from ChatGPT’s meltdown to the biggest Computex announcements
- ‘It seemed like a crazy idea’: A tech expert got the inside story of how Blizzard saved big bucks by selling 10,000 old WoW servers to fans via a charity auction — and one of them even ended up as a wedding gift
Archives
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011