Critical TootRoot bug lets attackers hijack Mastodon servers
Critical TootRoot bug lets attackers hijack Mastodon servers
Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, including a critical one that allows hackers to create arbitrary files on instance-hosting servers using specially crafted media files.
IMHO Mastodon needs to have some kind of automatic update scheme to roll out bugfixes to these kinds of problems quickly ... if there are enough instances out there vulnerable to this or any subsequent issues like it, we could end up with a situation where someone starts coopting Mastodon servers as part of botnets and costing their owners a ton of money in bandwidth bills, getting them IP-banned in various places, etc. The only way to fix this is fast automatic updating.
You wouldn't root a toot
Were any servers hijacked?