The Rust Security Response working group (WG) has flagged a strange security vulnerability that is being tracked as CVE-2021-42574 and is urging developers to upgrade Rust version 1.56.1.
News of the obscure bug was disseminated in a mailing list today. The Rust project has also flagged the Unicode “bidirectional override” issue in a blogpost. But it’s a general bug that doesn’t affect just Rust but all code that’s written in popular languages that use Unicode.
Open-source projects such as operating systems often rely on human review of all new code to detect any potentially malicious contributions by volunteers. But the security researchers at Cambridge University said they have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic.
“We have discovered ways of manipulating the