Ubuntu Tool Vulnerability Could Enable Malware Attacks Through Unsafe Snap Package Suggestions
- Ubuntu's 'command-not-found' tool can suggest snap packages to install without validating they are safe, enabling attackers to promote malware.
- Over 25% of APT commands are vulnerable to impersonation by malicious snaps due to lack of reviews and Snap Store protections.
- Attackers can exploit typos, unclaimed snap names, and lack of alias registrations to suggest malicious snaps.
- At least 2 cases of malicious snaps being suggested through 'command-not-found' have occurred.
- Possible mitigations include users verifying packages, Snap developers registering aliases, and APT developers claiming associated snap names.
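
One way a user could carry out the "verifying packages" mitigation before acting on a suggestion, as an added example that is not from the original article: parse the publisher line of `snap info <name>` output and accept only verified publishers. The publisher line layout and badge marks are assumptions based on snapd's CLI output, the function names are hypothetical, and the sample outputs are constructed.

```python
import re

# Badge marks snapd appends to the publisher account (assumed from snapd CLI
# output): unicode form and the ASCII form printed with --unicode=never.
BADGES = {"✓": "verified", "**": "verified", "✪": "starred", "*": "starred"}
PUBLISHER_RE = re.compile(r"^publisher:\s*(?P<value>.+?)\s*$", re.MULTILINE)
LONG_FORM_RE = re.compile(r"(?P<display>.*\S)\s+\((?P<acct>[^()]+)\)")

def parse_publisher(snap_info_text):
    """Return (display_name, account, badge) from `snap info <name>` output."""
    m = PUBLISHER_RE.search(snap_info_text)  # top-level key only, not indented text
    if not m:
        raise ValueError("no publisher line in snap info output")
    value = m.group("value")
    # Long form: "Display Name (account<badge>)"; short form: "Name<badge>".
    long_form = LONG_FORM_RE.fullmatch(value)
    display, acct = (long_form["display"], long_form["acct"]) if long_form else (None, value)
    badge = "none"
    for mark in sorted(BADGES, key=len, reverse=True):  # test "**" before "*"
        if acct.endswith(mark):
            acct, badge = acct[: -len(mark)], BADGES[mark]
            break
    return (display or acct, acct, badge)

def should_install(snap_info_text):
    """Policy for this example: follow a suggestion only for verified publishers."""
    return parse_publisher(snap_info_text)[2] == "verified"

# Constructed sample outputs (not captured from a real store query).
VERIFIED = """name:      example-tool
summary:   Example tool
publisher: Example Org (example-org✓)
license:   unset
description: |
  publisher: text inside the description is indented and ignored
"""
UNVERIFIED = "name:      exampel-tool\npublisher: Some Person (someperson)\n"
ASCII_VERIFIED = "name:      example-tool\npublisher: Canonical**\n"

if __name__ == "__main__":
    for sample in (VERIFIED, UNVERIFIED, ASCII_VERIFIED):
        print(parse_publisher(sample), "install" if should_install(sample) else "skip")
```

The badge identifies the publishing account only, so it is a check on who published the snap that 'command-not-found' suggested, not a review of the snap's contents.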