The updater for the open-source editor Notepad++ has installed malware on PCs. An update to Notepad++ v8.8.9 corrects this.
  • lurch (he/him)@sh.itjust.worksEnglish
    17·
    1 day ago

    Headline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.

    • smegEnglish
      11·
      1 day ago

      Which requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit