Snap security incident

JoeFootball · Post by **JoeFootball** » Sun Oct 01, 2023 10:32 am

"On September 28, 2023, the Snap Store team was notified of a potential security incident. ..."

https://forum.snapcraft.io/t/temporary- ... dent/37077

BenTrabetere · Post by **BenTrabetere** » Mon Oct 02, 2023 12:35 am

I do not use any Snaps, but this action from the Snap Store team makes me less concerned about using them. A lot of people find a lot of fault with Canonical and its proprietary Snap Store, but I think this incident demonstrates it does have some benefits. I am not sure FlatHub could have acted this swiftly or effectively if it discovered it hosted malicious flatpaks.

t42 · Post by **t42** » Mon Oct 02, 2023 1:01 am

BenTrabetere wrote: ⤴Mon Oct 02, 2023 12:35 am this action from the Snap Store team makes me less concerned about using them.

Temporary suspension of automatic snap registration after malware fooled some algorithm means malware should wait a little until suspension ends. And measures are applied only against new snaps, but more effective way for embedding malware is to register some normal snap / flatpak and insert malware in it later. It is up to developer to set interfaces which snap uses and nothing prevents developer to ignore norms and access files or system resources except recommendations.

NFA · Post by **NFA** » Mon Oct 02, 2023 2:48 am

Not reassured.

MurphCID · Post by **MurphCID** » Wed Oct 04, 2023 4:25 pm

Brodie Robertson now has a video out on this: https://youtu.be/1zl_Y8vSteo?feature=shared

panorain · Post by **panorain** » Sun Jan 07, 2024 2:56 am

I have about 5 snaps installed on a desktop. Can I please ask your thoughts on this?

Thanks

Linux Mint Forums

Snap security incident

Snap security incident

Re: Snap security incident

Re: Snap security incident

Re: Snap security incident

Re: Snap security incident

Re: Snap security incident