Trojan Source: Invisible Vulnerabilities. (arXiv:2111.00169v2 [cs.CR] UPDATED)
cs.CR updates on arXiv.org arxiv.org
We present a new type of attack in which source code is maliciously encoded
so that it appears different to a compiler and to the human eye. This attack
exploits subtleties in text-encoding standards such as Unicode to produce
source code whose tokens are logically encoded in a different order from the
one in which they are displayed, leading to vulnerabilities that cannot be
perceived directly by human code reviewers. 'Trojan Source' attacks, as we call
them, pose an immediate …
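
A check a reviewer or CI job could run against this class of encoding, as an added example that is not code from the paper or from this page. It assumes the Unicode feature involved is the bidirectional control characters (U+202A to U+202E and U+2066 to U+2069), which this excerpt does not name; `scan_source`, `escape_bidi` and the sample input are hypothetical names and constructed data.

```python
import unicodedata

EMBED_OPEN = {"\u202A", "\u202B", "\u202D", "\u202E"}  # LRE, RLE, LRO, RLO
ISOLATE_OPEN = {"\u2066", "\u2067", "\u2068"}          # LRI, RLI, FSI
PDF, PDI = "\u202C", "\u2069"                          # the two terminators
BIDI_CONTROLS = EMBED_OPEN | ISOLATE_OPEN | {PDF, PDI}


def escape_bidi(line):
    """Show a line in logical (compiler) order with the controls made visible."""
    return "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in line)


def scan_source(text):
    """Return one finding per line that contains bidi control characters."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stack, names = [], []
        for ch in line:
            if ch not in BIDI_CONTROLS:
                continue
            names.append(unicodedata.name(ch))
            if ch in EMBED_OPEN or ch in ISOLATE_OPEN:
                stack.append(ch)
            elif ch == PDF and stack and stack[-1] in EMBED_OPEN:
                stack.pop()
            elif ch == PDI and any(c in ISOLATE_OPEN for c in stack):
                # PDI closes the last isolate and any embeddings opened inside it.
                while stack.pop() not in ISOLATE_OPEN:
                    pass
        if names:
            findings.append({
                "line": lineno,
                "controls": names,
                # An opener still on the stack keeps affecting text to end of line.
                "unterminated": bool(stack),
                "logical": escape_bidi(line),
            })
    return findings


# Constructed sample input (not taken from the paper).
SAMPLE = (
    'greeting = "hello"\n'
    'label = "abc\u202Edef"\n'              # RLO that is never closed
    'title = "\u2066quoted\u2069 text"\n'   # LRI ... PDI, balanced
)

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

The `logical` field is what a reviewer should read: it is the character order the compiler consumes, independent of how an editor renders the line.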