Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages.

  • OsrsNeedsF2P@lemmy.ml
    link
    fedilink
    arrow-up
    29
    ·
    11 months ago

    Neither Canonical"s Snapstore, nor Flathub manually verify apps. They’re both similar to the Play Store or App Store where it’s managed by the app developer.

    • jbk@discuss.tchncs.de
      link
      fedilink
      arrow-up
      7
      ·
      11 months ago

      Flathub has manual reviews during initial submission though. Also they’re working on automatically needing a manual review when e.g. new permissions are granted to apps