This sneaky trick could allow attackers to hide 'invisible' vulnerabilities in code

If you’re using the Rust programming language (or JavaScript, Java, Go or Python) in a project, you may want to check for differences between the code as reviewers see it and the code as the compiler actually processes it.

The Rust Security Response working group (WG) has flagged a strange security vulnerability that is being tracked as CVE-2021-42574 and is urging developers to upgrade to Rust version 1.56.1.

News of the obscure bug was disseminated in a mailing list today. The Rust project has also flagged the Unicode “bidirectional override” issue in a blogpost. But it is a general issue that affects not just Rust but all code written in popular languages that accept Unicode in source files.

Since it is Unicode, this bug affects not just Rust but other top languages, such as Java, JavaScript, Python, C-based languages and code written in other modern languages, according to security researcher Ross Anderson. 

Open-source projects such as operating systems often rely on human review of all new code to detect potentially malicious contributions by volunteers. But security researchers at Cambridge University said they have discovered ways of manipulating the encoding of source code files so that human reviewers and compilers see different logic.
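The practical check a reviewer wants here is a scanner that flags any Unicode bidirectional control character in a source file, since those characters are what make the displayed text differ from the text the compiler reads. The following is an added example written for this article; it is not code from the Rust project or from the Cambridge researchers. It uses Python’s standard `unicodedata` module to classify characters by their bidi class rather than a hand-maintained list, and the sample source it scans is constructed for the demonstration (the embedded RLO, RLI and PDI characters are deliberately placed so the scanner has something to find). Because the check keys on the characters themselves, it applies to source in any language, not only Rust.

```python
import sys
import unicodedata

# Bidi classes of the explicit directional formatting characters
# (embeddings, overrides, isolates and their pop characters). Any of these in
# source code can make the rendered text differ from the parsed text.
BIDI_CONTROL_CLASSES = {"LRE", "RLE", "PDF", "LRO", "RLO", "LRI", "RLI", "FSI", "PDI"}


def find_bidi_controls(source: str):
    """Return a list of (line, column, codepoint, bidi_class, name) for every
    explicit bidi control character in `source`. Lines and columns are 1-based.
    Ordinary right-to-left text (Hebrew, Arabic) is NOT reported, because those
    letters carry bidi class R or AL, not a control class."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            cls = unicodedata.bidirectional(ch)
            if cls in BIDI_CONTROL_CLASSES:
                hits.append((lineno, col, f"U+{ord(ch):04X}", cls,
                             unicodedata.name(ch, "<unnamed>")))
    return hits


def has_bidi_controls(source: str) -> bool:
    """Convenience predicate for CI gates: True if any control is present."""
    return bool(find_bidi_controls(source))


def scan_path(path: str):
    """Scan one file; decoding errors are replaced rather than raised so a
    single malformed file does not abort a repository-wide scan."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_bidi_controls(fh.read())


# Constructed sample: line 2 hides a RIGHT-TO-LEFT OVERRIDE inside a comment,
# line 3 wraps a string literal in an isolate pair, and line 4 contains plain
# Hebrew letters, which are legitimate and must not be flagged.
SAMPLE_SOURCE = (
    "fn main() {\n"
    "    // check user \u202E is not admin\n"
    "    let greeting = \"\u2067hello\u2069\";\n"
    "    // \u05E9\u05DC\u05D5\u05DD world\n"
    "}\n"
)


def main(argv):
    # With no arguments, scan the constructed sample; otherwise scan each path.
    if len(argv) <= 1:
        results = {"<sample>": find_bidi_controls(SAMPLE_SOURCE)}
    else:
        results = {p: scan_path(p) for p in argv[1:]}
    exit_code = 0
    for path, hits in results.items():
        for lineno, col, cp, cls, name in hits:
            print(f"{path}:{lineno}:{col}: {cp} ({cls}) {name}")
            exit_code = 1
    return exit_code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments to see the three findings in the constructed sample, or pass file paths to scan a checkout; a non-zero exit status makes it usable as a pre-commit or CI gate. Flagging on the bidi control class rather than on "any non-ASCII" keeps legitimate non-Latin comments and string literals out of the report.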

“We have discovered ways of manipulating the

Read More: https://www.zdnet.com/article/this-sneaky-trick-could-allow-attackers-to-hide-invisible-vulnerabilities-in-code/#ftag=RSSbaffb68