The vulnerability, which has a severity rating of 9.8 out of 10, is caused by errors in converting Unicode to ASCII characters in PHP. This exploit uses Windows Best Compatibility to bypass a critical PHP vulnerability from 2012 (CVE-2012-1823). Although this vulnerability is rare, it can be exploited in environments such as XAMPP that run PHP executables in web-accessible directories.
The TellYouThePass attacks began on June 7, one day after the vulnerability was revealed, and mostly targeted servers in Chinese and Japanese localizations. Despite fluctuations in the number of infected servers from 670 to 1,800, the attacks underscore the importance of “timely remediation,” the media post said.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
