
0-days hitting Fedora and Ubuntu open desktops to a world of hurt

Marc Leonard

And in the event you're running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by.

The zero-day exploits, which Evans published on Tuesday, are the latest to challenge the popular conceit that Linux, at least in its desktop form, is more immune to the types of attacks that have felled Windows computers for more than a decade and have increasingly snared Macs in recent years.

"I like to prove that vulnerabilities are not just theoretical—that they are actually exploitable to cause real problems," Evans told Ars when explaining why he developed—and released—an exploit for fully patched systems.

"Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability.

Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that by default ships with many mainstream Linux distributions.

Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor.
