This is one of the dumbest and most dangerous bugs I’ve ever heard of. From the KDE security list: When a vfat thumbdrive which contains “ or $() in its volume label is plugged and mounted trough the device notifier, it’s interpreted as a shell command, leaving a possibility of arbitrary commands execution. an example […]

read more →