More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, security researchers said.
Tracked as CVE-2024-39929 and carrying a severity rating of 9.1 out of 10, the vulnerability makes it trivial for threat actors to bypass protections that normally prevent the sending of attachments that install apps or execute code.
“I can confirm this bug,” Exim project team member Heiko Schlittermann wrote on a bug-tracking site.
More than 1.5 million of the Exim servers, or roughly 31 percent, are running a vulnerable version of the open source mail app.
Threat actors can exploit it to bypass extension blocking and deliver executable attachments in emails sent to end users.
Given the requirement that end users must click on an attached executable for the attack to work, this Exim vulnerability isn’t as serious as the one that was exploited starting in 2019.
The original article contains 294 words, the summary contains 148 words. Saved 50%. I'm a bot and I'm open source!