Microsoft has restored the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace after determining that their obfuscated code was not malicious.
These widely used VSCode extensions, installed over 9 million times, were removed in February due to security concerns, leading to the banning of their publisher, Mattia Astorino.
Security researchers initially flagged the extensions due to obfuscated code and the presence of execution capabilities in the "release-notes.js" file, raising suspicions of malicious intent.
Astorino refuted the allegations, explaining that the issue stemmed from an outdated dependency in use since 2016 and an unintentional inclusion of a build script.
Microsoft later admitted its mistake, with Scott Hanselman publicly apologizing to Astorino, acknowledging that the investigation led to the wrong conclusion.
Moving forward, Microsoft plans to refine its policies on obfuscated code and enhance its security scanning methods to prevent similar errors.
While some researchers maintain that the extensions contained potentially harmful code, they agree that there was no malicious intent from the developer.
Astorino has since rewritten and re-released the extensions, ensuring they are now completely safe for use.
Logging you in...
Loading IntenseDebate Comments...