Security researcher Alex Birsan has found a security vulnerability that allowed him to run code on servers owned by Apple, Microsoft, PayPal, and over 30 other companies (via Bleeping Computer). The exploit is also deviously simple, and it’s something that many large software developers will have to figure out how to protect themselves from.

The exploit takes advantage of a relatively simple trick: replacing private packages with public ones. When companies are building programs, they often use open-source code written by other people, so they’re not spending time and resources solving a problem that’s already solved. For example, I’ve worked on websites that had to convert text files to webpages in real time. Instead of writing code to…

Continue reading…