Dear Y/N, I am writing to inform you of a significant security vulnerability currently affecting the Scratch platform. While some reports have categorized this as a "h@ ck3r" incident or a virus, it is technically an exploit involving Arbitrary Code Execution (ACE). The vulnerability is triggered when a user enters the project editor and opens the costume or backdrop tab. In the web-based version, this allows unauthorized code to execute within the browser. However, the risk is significantly higher in the desktop and offline editors, where the exploit can execute malicious shell commands, potentially leading to data theft and system compromise. This exploit has already affected several scratchers, resulting in the unauthorized deletion of projects, modifications to profile descriptions, and the posting of unapproved comments. To protect your account and data, please observe the following precautions: - Refrain from opening suspicious projects or those shared by unknown users. - Avoid clicking on any unsolicited links. If you believe your account has been compromised, please take the following steps immediately: - Unshare all projects to prevent further spread. - Update your account password. - Remove any unauthorized comments from your profile. Please remain vigilant. Best regards, L. Collins
Before you assume I am radical or anything similar, READ THIS: https://scratch.mit.edu/projects/1318691538/ Ways SVG viruses can exist: https://muffin.ink/blog/scratch-svg-sanitization/ Additionally, do not click on the "see inside" button, in case this account was hacked.* *If the creator falls a victim to the h@ ck3r, this sentence would be immediately deleted.
