Mystery still surrounds hack of PHP PEAR website

Three days later, there are still no new details about how the official PHP website hosted a backdoored version of the PEAR package manager for the past six months.

PEAR, which stands for “PHP Extension and Application Repository,” is the first package manager that was developed for the PHP scripting language back in the 1990s, and works by allowing developers to load and reuse code for common functions delivered as PHP libraries.
When you download PHP software for Unix/Linux/BSD systems, the PEAR download manager (go-pear.phar) comes pre-installed, whereas Windows and Mac OS X users need to install the component manually when required.
Since many web hosting companies, including shared hosting providers, also allow their users to install and run PEAR, this latest security breach could impact a large number of websites and their visitors.
“If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If different, you may have the infected file,” the note on the official PEAR website reads.
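
The hash comparison described in the PEAR notice can be run over a whole server, which matters on shared hosting where several accounts may each hold their own copy of go-pear.phar. The script below is an added example, not code from the PEAR project or from this article; the function names and sample files are constructed for illustration, and the reference copy is assumed to be one already fetched from pear/pearweb_phars.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=65536):
    """Stream a file through SHA-256 so large archives are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_copies(root, reference, name="go-pear.phar"):
    """Compare every file called `name` under `root` with the trusted reference.

    Returns {path: "match" | "MISMATCH"}; the reference file itself is skipped.
    """
    reference = Path(reference).resolve()
    expected = sha256_of(reference)
    results = {}
    for candidate in sorted(Path(root).rglob(name)):
        if not candidate.is_file() or candidate.resolve() == reference:
            continue
        same = sha256_of(candidate) == expected
        results[str(candidate)] = "match" if same else "MISMATCH"
    return results


def demo():
    """Constructed sample tree: one trusted copy, one identical, one altered."""
    samples = {
        "trusted/go-pear.phar": b"constructed-phar-bytes",
        "site_a/go-pear.phar": b"constructed-phar-bytes",
        "site_b/go-pear.phar": b"constructed-phar-bytes<?php /* altered */",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in samples.items():
            (root / rel).parent.mkdir(parents=True)
            (root / rel).write_bytes(data)
        found = audit_copies(root, root / "trusted" / "go-pear.phar")
        return {Path(p).parent.name: verdict for p, verdict in found.items()}


if __name__ == "__main__":
    for site, verdict in demo().items():
        print(f"{site}: {verdict}")
```

Any copy reported as MISMATCH differs from the reference and, per the notice, may be the infected file.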

Since the PEAR officials have only put out a warning notification and have not released any details about the security incident, it is still unclear who is behind the attack.

The developers tweeted that they will publish a “more detailed announcement” on the PEAR Blog once it’s back online.

