Massive Security Flaw in KDE Plasma Global Themes

Discussion in 'Techforge' started by Nyx, Mar 20, 2024.

  1. Nyx

    Nyx Guest

    Ratings:
    +0
    Hey guys, if you're downloading KDE Plasma themes you might want to hold off for a bit. Turns out KDE themes can accidentally wipe out your system data along with your mounted drives through a massive security flaw. This also applies to plasmoids, widgets, and others.


    WARNING: Global themes and widgets created by 3rd party developers for Plasma can and will run arbitrary code. You are encouraged to exercise extreme caution when using these products.

    https://www.reddit.com/r/kde/comments/1bje0ck/warning_global_themes_and_widgets_created_by_3rd/
    • Funny Funny x 1
    • Winner Winner x 1
  2. Tererune

    Tererune Troll princess and Magical Girl

    Joined:
    Jul 5, 2014
    Messages:
    40,463
    Location:
    Beyond the Silver Rainbow
    Ratings:
    +31,054
    That is a trick as old as time for unix based OS. You are supposed to learn the nix so well that you do not just run someone else's scripts and mods (Yes I am using older terms) because there is really no security on the people who are making them, and you can give someone so much control that it is easy for a script kiddie to write something that you will want to use that will do nasty things to your machine.

    This is why the *nix community should really be just for people who look into what they are installing with knowledge and have protection and back up in case of such silliness.

    The MS and Mac licensing system for programs and apps serves as a sort of filter for the user that they can use more tried and reputable programs distributed by trusted sources and see that some things are just trash garbage or completely from untrusted sources and not brand approved.

    When you have the general public making kernel modifications you really cannot be running someones shit from an untrusted site without looking at it first.
    • Thank You! Thank You! x 1
  3. Nyx

    Nyx Guest

    Ratings:
    +0
    In defense of KDE, I think because it's nerds making distros for other nerds, they sometimes forget that the layperson will not interpret "this is a third party tool, use caution" as "be very careful, this could wipe your system." It's why I shared this same message on Twitter, Facebook, and other places, because a lot of lay people have moved away from Windows, they're tired of the bullshit. I try to direct them to very user friendly Linux distros, but some (like me) want to tackle the bigger stuff first and (unlike me) don't take precautions when they do.
    • Sad Sad x 1