Researchers at the University of Cambridge in England have found that nearly all of the world's computer code is vulnerable to a newly discovered exploit. In the worst-case scenario, if left unchecked, it could result in large-scale supply chain attacks. The researchers call it the 'Trojan Source' vulnerability, and it affects compilers.
Compilers translate human-readable source code into a machine-readable format called machine code. According to the researchers' findings, these compilers can also be hijacked very easily because of a bug that is present in nearly all of them. When properly exploited, this bug allows attackers to invisibly commandeer systems for malicious purposes.
In the worst case, the 'Trojan Source' exploit can be used to carry out large-scale supply chain attacks. These attacks involve silently inserting malicious code into software products as a vector for compromising systems and networks. This means attackers can target entire software ecosystems, allowing for more targeted attacks.
According to the researchers, the vulnerability poses an immediate threat and could threaten the entire industry. Cybersecurity reporter Brian Krebs reports that many organizations have promised to issue patches related to the 'Trojan Source' exploit. However, only half of these organizations have promised patches, while "others are dragging their feet."