{"id":10250,"date":"2024-04-03T16:36:45","date_gmt":"2024-04-03T16:36:45","guid":{"rendered":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/"},"modified":"2024-04-03T16:36:45","modified_gmt":"2024-04-03T16:36:45","slug":"xz-utils-supply-chain-attack-cve-2024-3094","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/","title":{"rendered":"XZ Utils Supply Chain Attack (CVE-2024-3094)"},"content":{"rendered":"<p>What is the vulnerability\/attack?<br \/>\nA malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries.  A security researcher found the malicious code when he experienced an unexpected behavior, leading to further investigation and discovery of the vulnerability.<\/p>\n<p>What is the recommended Mitigation?<\/p>\n<p>CISA has advised XZ Utils users to downgrade to an older version of the utility immediately (i.e., any version before 5.6.0) and update their installations and packages according to distribution maintainer directions. Major Linux distributions and package maintainers have published guidance on updating. Please see the link and refer to individual distribution and package advisories for the latest information and remediation guidance.<\/p>\n<p>What FortiGuard Coverage is available?<br \/>\nFortiGuard has released an endpoint vulnerability signature to detect systems running vulnerable XZ Utils &#8220;FortiClient Vulnerability&#8221;. As the situation is still developing; the FortiGuard team will update the threat signal and provide more information on related protections as they are released. FortiGuard Incident Response team can be engaged to help with any suspected compromise.<a href=\"https:\/\/fortiguard.fortinet.com\/threat-signal-report\/5408\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>What is the vulnerability\/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-10250","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"What is the vulnerability\/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sekuritas IT \u203a Creative solutions to unique challenges.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"XZ Utils Supply Chain Attack (CVE-2024-3094) \u203a Sekuritas IT\" \/>\n\t\t<meta property=\"og:description\" content=\"What is the vulnerability\/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2024-04-03T16:36:45+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2024-04-03T16:36:45+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100086973577423\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"XZ Utils Supply Chain Attack (CVE-2024-3094) \u203a Sekuritas IT\" \/>\n\t\t<meta name=\"twitter:description\" content=\"What is the vulnerability\/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/04\\\/03\\\/xz-utils-supply-chain-attack-cve-2024-3094\\\/#blogposting\",\"name\":\"XZ Utils Supply Chain Attack (CVE-2024-3094) \\u203a Sekuritas IT\",\"headline\":\"XZ Utils Supply Chain Attack (CVE-2024-3094)\",\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"},\"datePublished\":\"2024-04-03T16:36:45+00:00\",\"dateModified\":\"2024-04-03T16:36:45+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/04\\\/03\\\/xz-utils-supply-chain-attack-cve-2024-3094\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/04\\\/03\\\/xz-utils-supply-chain-attack-cve-2024-3094\\\/#webpage\"},\"articleSection\":\"Uncategorized\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/04\\\/03\\\/xz-utils-supply-chain-attack-cve-2024-3094\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sekuritasit.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"position\":2,\"name\":\"Uncategorized\",\"item\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/04\\\/03\\\/xz-utils-supply-chain-attack-cve-2024-3094\\\/#listItem\",\"name\":\"XZ Utils Supply Chain Attack (CVE-2024-3094)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/04\\\/03\\\/xz-utils-supply-chain-attack-cve-2024-3094\\\/#listItem\",\"position\":3,\"name\":\"XZ Utils Supply Chain Attack (CVE-2024-3094)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\",\"name\":\"Sekuritas IT\",\"description\":\"Creative solutions to unique challenges.\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100086973577423\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/04\\\/03\\\/xz-utils-supply-chain-attack-cve-2024-3094\\\/#webpage\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/04\\\/03\\\/xz-utils-supply-chain-attack-cve-2024-3094\\\/\",\"name\":\"XZ Utils Supply Chain Attack (CVE-2024-3094) \\u203a Sekuritas IT\",\"description\":\"What is the vulnerability\\\/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/04\\\/03\\\/xz-utils-supply-chain-attack-cve-2024-3094\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"datePublished\":\"2024-04-03T16:36:45+00:00\",\"dateModified\":\"2024-04-03T16:36:45+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"name\":\"Sekuritas IT\",\"alternateName\":\"Sekuritas\",\"description\":\"Creative solutions to unique challenges.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"XZ Utils Supply Chain Attack (CVE-2024-3094) \u203a Sekuritas IT","description":"What is the vulnerability\/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced","canonical_url":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/#blogposting","name":"XZ Utils Supply Chain Attack (CVE-2024-3094) \u203a Sekuritas IT","headline":"XZ Utils Supply Chain Attack (CVE-2024-3094)","author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"},"datePublished":"2024-04-03T16:36:45+00:00","dateModified":"2024-04-03T16:36:45+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/#webpage"},"isPartOf":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/#webpage"},"articleSection":"Uncategorized"},{"@type":"BreadcrumbList","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","position":1,"name":"Home","item":"https:\/\/sekuritasit.com","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","position":2,"name":"Uncategorized","item":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/#listItem","name":"XZ Utils Supply Chain Attack (CVE-2024-3094)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/#listItem","position":3,"name":"XZ Utils Supply Chain Attack (CVE-2024-3094)","previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}}]},{"@type":"Organization","@id":"https:\/\/sekuritasit.com\/#organization","name":"Sekuritas IT","description":"Creative solutions to unique challenges.","url":"https:\/\/sekuritasit.com\/","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100086973577423"]},{"@type":"WebPage","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/#webpage","url":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/","name":"XZ Utils Supply Chain Attack (CVE-2024-3094) \u203a Sekuritas IT","description":"What is the vulnerability\/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sekuritasit.com\/#website"},"breadcrumb":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/#breadcrumblist"},"author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"creator":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"datePublished":"2024-04-03T16:36:45+00:00","dateModified":"2024-04-03T16:36:45+00:00"},{"@type":"WebSite","@id":"https:\/\/sekuritasit.com\/#website","url":"https:\/\/sekuritasit.com\/","name":"Sekuritas IT","alternateName":"Sekuritas","description":"Creative solutions to unique challenges.","inLanguage":"en-US","publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sekuritas IT \u203a Creative solutions to unique challenges.","og:type":"article","og:title":"XZ Utils Supply Chain Attack (CVE-2024-3094) \u203a Sekuritas IT","og:description":"What is the vulnerability\/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced","og:url":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/","article:published_time":"2024-04-03T16:36:45+00:00","article:modified_time":"2024-04-03T16:36:45+00:00","article:publisher":"https:\/\/www.facebook.com\/profile.php?id=100086973577423","twitter:card":"summary_large_image","twitter:title":"XZ Utils Supply Chain Attack (CVE-2024-3094) \u203a Sekuritas IT","twitter:description":"What is the vulnerability\/attack? A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced"},"aioseo_meta_data":{"post_id":"10250","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2024-04-03 17:00:34","updated":"2025-10-15 08:20:55","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/\" title=\"Uncategorized\">Uncategorized<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tXZ Utils Supply Chain Attack (CVE-2024-3094)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sekuritasit.com"},{"label":"Uncategorized","link":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/"},{"label":"XZ Utils Supply Chain Attack (CVE-2024-3094)","link":"https:\/\/sekuritasit.com\/index.php\/2024\/04\/03\/xz-utils-supply-chain-attack-cve-2024-3094\/"}],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/10250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=10250"}],"version-history":[{"count":0,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/10250\/revisions"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=10250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=10250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=10250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}