It’s a privilege escalation vulnerability:
Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system.
Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.
It was discovered in October, and disclosed last week — after most Linux distributions issued patches. Of course, there’s lots of Linux out there that never gets patched, so expect this to be exploited in the wild for a long time.
Of course, this vulnerability doesn’t give attackers access to the system. They have to get that some other way. But if they get access, this vulnerability gives them root privileges.
Friday Squid Blogging: Creating Batteries Out of Squid Cells
This is fascinating: “When a squid ends up chipping what’s called its ring tooth, which is the nail underneath its...
A Hacker’s Mind News
My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in...
Critical flaw in WooCommerce can be used to compromise WordPress websites
WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over...
Spot and Remove Viruses from Your Android Phone
So, can Android phones get viruses and malware? The answer is yes, and likewise you can do several things to...
CISA Unveils Ransomware Notification Initiative
Provides businesses with early warnings to evict threat actors before they can encrypt data Read More
WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
The vulnerability could allow an unauthenticated attacker to gain admin privileges and take over a website Read More