Security researchers have found a privilege escalation vulnerability in pkexec, a tool that’s present by default on many Linux installations. The flaw, called PwnKit, could allow attackers to easily gain root privileges on systems if they have access to a regular user without administrative privileges.
Researchers from security firm Qualys who discovered and reported the vulnerability were able to confirm it is exploitable in default configurations on some of the most popular Linux distributions including Ubuntu, Debian, Fedora and CentOS. They believe others are likely impacted as well, since the vulnerable code has existed in pkexec since the tool’s first version, over 12 years ago.
More Stories
China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers
The deployment of custom credential theft malware is the main novelty of the new campaign Read More
SharePoint Phishing Scam Targets 1600 Across US, Europe
Cyber-criminals used the scam to steal the credentials for various email accounts Read More
Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks
A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over...
Security at the core of Intel’s new vPro platform
Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection...
New Post-Exploitation Attack Method Found Affecting Okta Passwords
The flaw derives from the way the Okta system records failed login attempts to instances Read More
Fake GPT Chrome extension steals Facebook session cookies, breaks into accounts
The world has gone ChatGPT bonkers. Which makes it an effective lure for cybercriminals who may want to break into...