Thursday September 19, 2024

Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account.

The platform became popular after Elon Musk acquired Twitter and now boasts nearly 12 million users spread across 11,000 instances.

Mastodon instances (servers) are autonomous but interconnected communities, linked through a system known as "federation". Each has its own guidelines and policies and is controlled by owners who provide the infrastructure and act as administrators of their servers.

Notable among the flaws is CVE-2023-45866, a critical security issue in Bluetooth that could allow an attacker in a privileged network position to inject keystrokes by spoofing a keyboard. means, such as unpatched security flaws that can trigger execution of arbitrary code.