"If an adversary is currently patching binaries as you download them, these ‘Fixit’ executables will also be patched.
"Since the user, not the automatic update process, is initiating these downloads, these files are not automatically verified before execution as with Windows Update.
"In addition, these files need administrative privileges to execute, and they will execute the payload that was patched into the binary during download with those elevated privileges."
In the wake of the revelation, the Tor Project has flagged the Russian exit node as malicious in a bid to ensure that users running up-to-date software will not come across it a second time.
This article is from the CBROnline archive: some formatting and images may not be present.