It’s a privilege escalation vulnerability:
Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system.
Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.
It was discovered in October, and disclosed last week — after most Linux distributions issued patches. Of course, there’s lots of Linux out there that never gets patched, so expect this to be exploited in the wild for a long time.
Of course, this vulnerability doesn’t give attackers access to the system. They have to get that some other way. But if they get access, this vulnerability gives them root privileges.
More Stories
CISA and NFL Collaborate to Secure Super Bowl LVIII
Tabletop exercise assessed the cybersecurity response capabilities, plans and procedures for the event Read More
Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023
Kaspersky said these services range from $20 per day to $10,000 a month Read More
Elusive Sandman APT Targets Telecom Giants With LuaJIT Toolkit
SentinelLabs said the group’s tactics focus on stealthy lateral movements and minimal interactions Read More
#mWISE: Why Zero Days Are Set for Highest Year on Record
Experts at the mWISE conference discussed who is behind the surge in zero-day exploits Read More
US Government IT Staffer Arrested on Espionage Charges
Maryland resident faces possible death penalty Read More
UK Security Agency Publishes New Crypto Designs
NCSC hopes research will inform future standards Read More