Date: 2021-11-10

ST. LOUIS – New research describes an attack technique called “Trojan Source,” which the computer scientists behind it claim attackers can use against almost all of the world’s computer code. The research came out of the University of Cambridge and the University of Edinburgh.

The attack targets a weakness in Unicode, which allows computers to handle text across many different languages, to trick compilers into emitting binaries that do not actually match the logic visible in the source code.

Scott Schaffer with Blade Technologies explains the attack works when you have left-to-right and right-to-left glyphs (symbols) appearing in the same command. That creates an opportunity for the code to be hijacked.

“This is the exploit ‘bad guys’ can use to insert code in and it wouldn’t be seen by the actual developer itself,” said Schaffer.

He says this vulnerability has been present for many years and there is no direct evidence of it being used nefariously in the wild.

He also points out this is something that can only be manipulated if someone has direct access to the developer’s workstation.

While there have been no reported attacks, Schaffer recommends you install patches whenever they are issued. He said developers may be sending down updates to correct this flaw.