Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

0-days hitting Fedora and Ubuntu open desktops to a world of hurt


  • Please log in to reply
3 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:12:37 AM

Posted 16 December 2016 - 12:52 AM

 

If you run a mainstream distribution of Linux on a desktop computer, there's a good chance security researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially crafted music file. And in the event you're running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by.

 

The zero-day exploits, which Evans published on Tuesday, are the latest to challenge the popular conceit that Linux, at least in its desktop form, is more immune to the types of attacks that have felled Windows computers for more than a decade and have increasingly snared Macs in recent years.

While Evans' attacks won't work on most Linux servers, they will reliably compromise most desktop versions of Linux, which employees at Google, Facebook, and other security conscious companies often use in an attempt to avoid the pitfalls of Windows and Mac OS X. Three weeks ago, Evans released a separate Linux zero-day that had similarly dire consequences.

 

"I like to prove that vulnerabilities are not just theoretical—that they are actually exploitable to cause real problems," Evans told Ars when explaining why he developed—and released—an exploit for fully patched systems. "Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out."

http://arstechnica.com/security/2016/12/fedora-and-ubuntu-0days-show-that-hacking-desktop-linux-is-now-a-thing/



BC AdBot (Login to Remove)

 


#2 MadmanRB

MadmanRB

    Spoon!!!!


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:No time for that when there is evil afoot!
  • Local time:10:37 AM

Posted 16 December 2016 - 01:31 AM

Well no one said linux was bulltetproof.

But there will be fixes quite soon methinks


You know you want me baby!

Proud Linux user and dual booter.

Proud Vivaldi user.

 

ljxaqg-6.png


#3 wizardfromoz

wizardfromoz

  • Banned
  • 2,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 16 December 2016 - 05:58 PM

You might want to duplicate this at Cheesemakers, Nick? Good find :thumbup2:

 

:wizardball: Wizard

 

BTW - I concur with Madman



#4 JohnC_21

JohnC_21

  • Members
  • 22,598 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:37 AM

Posted 16 December 2016 - 06:52 PM

From my understanding Ubuntu already patched this on Dec 13.

 

https://bugs.launchpad.net/ubuntu/+source/game-music-emu/+bug/1650523/comments/2






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users