a potential arbitrary code execution vulnerability, which can be triggered by merely cloning a malicious repository. The security hole, CVE-2018-11235, reported by Etienne Stalmans, stems from a flaw in Git whereby sub-module names supplied by the .gitmodules file are not properly validated when appended to $GIT_DIR/modules. Including "../" in a name could result in directory hopping. Post-checkout hooks could then be executed, potentially causing all manner of mayhem to ensue on the victim's system. Another vulnerability, CVE-2018-11233, describes a flaw in the processing of pathnames in Git on NTFS-based systems, allowing the reading of memory contents. In a change from normal programming, the vulnerability appears to be cross-platform. Fear not, however, because a patch is available. The Git team released the update in 2.13.7 of the popular coding, collaboration and control tool and forward-ported it to versions 2.14.4, 2.15.2, 2.16.4 and 2.13.7. For its part, Microsoft has urged users to download 2.17.1 (2) of Git for Windows and has blocked the malicious repositories from being pushed to Visual Studio Team Services users. The software giant has also promised a hotfix will "shortly" be available for its popular Visual Studio 2017 platform. Other vendors, such as Debian, have been updating their Linux and software distributions to include the patched code and recommend that users upgrade to thwart ne'er-do-wells seeking to exploit the vulnerability.
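As an added defensive illustration (not code from Git or from the article), the following Python audits a .gitmodules file for submodule names that would escape $GIT_DIR/modules when appended to it, the root cause described above. The sample file and the rejection rules are my own constructions and do not reproduce Git's actual validation code.

```python
import re

# Constructed sample .gitmodules: one benign entry and one whose name carries
# "../" components of the kind CVE-2018-11235 concerned (no real repository).
SAMPLE_GITMODULES = """\
[submodule "libfoo"]
\tpath = libfoo
\turl = https://example.invalid/libfoo.git
[submodule "../../hooks"]
\tpath = vendor/hooks
\turl = https://example.invalid/hooks.git
"""

# Matches the section header that declares a submodule name.
_NAME_RE = re.compile(r'^\[submodule\s+"(.*)"\]\s*$')


def parse_submodule_names(text):
    """Return the names declared by [submodule "<name>"] headers, in order."""
    names = []
    for line in text.splitlines():
        m = _NAME_RE.match(line)
        if m:
            names.append(m.group(1))
    return names


def is_safe_submodule_name(name):
    """Return True if appending the name to $GIT_DIR/modules/ cannot escape it.

    Conservative rules of my own (an assumption, not Git's implementation):
    reject empty names, names starting with '-' (could be read as an option),
    absolute or home-relative paths, backslashes, and any '..' path component.
    """
    if not name or name.startswith("-"):
        return False
    if name.startswith("/") or name.startswith("~") or "\\" in name:
        return False
    # A literal ".." only matters as a whole path component; "weird..name" is fine.
    return all(part != ".." for part in name.split("/"))


def audit_gitmodules(text):
    """Map each declared submodule name to True (accepted) or False (rejected)."""
    return {n: is_safe_submodule_name(n) for n in parse_submodule_names(text)}


if __name__ == "__main__":
    for name, ok in audit_gitmodules(SAMPLE_GITMODULES).items():
        print(("OK      " if ok else "REJECT  ") + repr(name))
```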
Enigmail and GPG Tools have been patched for EFAIL. For more up-to-date information, please see EFF's Surveillance Self-Defense guides. Don't panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now. A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), the most popular email encryption standard. The new paper includes a proof-of-concept exploit that can allow an attacker to use the victim's own email client to decrypt previously acquired messages and return the decrypted content to the attacker without alerting the victim. The proof of concept is only one implementation of this new type of attack, and variants may follow in the coming days. Because of the straightforward nature of the proof of concept, the severity of these security vulnerabilities, the range of email clients and plugins affected, and the high level of protection that PGP users need and expect, EFF is advising PGP users to pause in their use of the tool and seek other modes of secure end-to-end communication for now. Because we are awaiting the response from the security community to the flaws highlighted in the paper, we recommend that for now you uninstall or disable your PGP email plug-in. These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated by the wider community. There may be simpler mitigations available soon, as vendors and commentators develop narrower solutions, but this is the safest stance to take for now. Sending PGP-encrypted emails to an unpatched client will also create adverse ecosystem incentives to open incoming emails, any of which could be maliciously crafted to expose ciphertext to attackers.
While you may not be directly affected, the other participants in your encrypted conversations are likely to be. For this attack, it isn't important whether the sender or the receiver of the original secret message is targeted, because a PGP message is encrypted to both of their keys. At EFF, we have relied on PGP extensively, both internally and to secure much of our external-facing email communications. Because of the severity of the vulnerabilities disclosed today, we are temporarily dialing down our use of PGP for both internal and external email. Our recommendations may change as new information becomes available, and we will update this post when that happens.