Possible backdoor on your system— check your xz version immediately Link to heading

A shocking news just hit the Internet today— someone intentionally installed a backdoor in xz library to compromise SSH authentication…

Possible backdoor— check your xz version immediately Link to heading

A shocking news just hit the Internet today— someone intentionally installed a backdoor in xz library to compromise SSH authentication. If you are a macOS user, there is high chance that you have the problematic version.

Long story short, xz version 5.6.0 and 5.6.1 are known to be affected, though there is a possibility that previous versions might also have something similar.

If you are a macOS user, you likely have homebrew and have the affected version installed on your system

which xz
/opt/homebrew/bin/xz

xz --version
xz (XZ Utils) 5.6.1
liblzma 5.6.1

If this is the case, immediately downgrade xz by

brew upgrade

This will roll back xz to version 5.4.6. Excerpt from this article,

Several people, including two Ars readers, reported that the multiple apps included in the HomeBrew package manager for macOS rely on the backdoored 5.6.1 version of xz Utils. HomeBrew has now rolled back the utility to version 5.4.6. Maintainers have more details available here.