And you thought that Microsoft operating systems were bad on security... Well, they are. But all is not rosy in the Unix/Linux world either, as this News.com story shows. An entirely new class of exploit has been showing up over the last couple of months, and it's been termed the 'format string' vulnerability.
Similar to a buffer overflow exploit, the new type of vulnerability uses formatting commands to run malicious code. Apparently, some of the code has been vulnerable to these exploits for years, and the bugs are just now getting found and fixed. One such bug has been found in a core package that is relied upon for basic display services by "countless" programs.
That particular bug affects "all Linux and Unix operating systems except OpenBSD and FreeBSD" according to the president of a security company who was interviewed for the article. According to the article, Red Hat has already posted a fix for this bug; browsing the Red Hat site, I came upon this page, dated September 1, that appears to deal with the exploit in question. The article doesn't mention the status of bug fixes for any other Unix variant.
While it's good that this bug is quickly being stamped out, it looks to be a long road ahead; analysts seem to think there are quite a few more format string exploits lurking in the source code. Greeeeeat.
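The bug class described above, reduced to its core pattern as an added example (not code from the article or from any affected package). The function names and the sample input are constructed for illustration; the input uses only `%%`, a directive that consumes no arguments, so the behaviour is well-defined.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the bytes are  disk 100%% full  (two '%' signs). */
static const char SAMPLE_INPUT[] = "disk 100%% full";

/* Vulnerable pattern: untrusted text is passed AS the format string, so the
 * printf family interprets every '%' directive inside it. Compilers flag this
 * with -Wformat-security; the pragmas only let the bad version build here. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int log_vulnerable(char *out, size_t outlen, const char *user_text)
{
    return snprintf(out, outlen, user_text);
}
#pragma GCC diagnostic pop

/* Fixed pattern: the format is a constant and the user text is only data. */
int log_fixed(char *out, size_t outlen, const char *user_text)
{
    return snprintf(out, outlen, "%s", user_text);
}

/* Returns 1 if the logger changed the text, i.e. treated it as a format. */
int was_interpreted(int (*logger)(char *, size_t, const char *),
                    const char *text)
{
    char buf[128];
    logger(buf, sizeof buf, text);
    return strcmp(buf, text) != 0;
}

int main(void)
{
    char a[128], b[128];
    log_vulnerable(a, sizeof a, SAMPLE_INPUT);
    log_fixed(b, sizeof b, SAMPLE_INPUT);
    printf("vulnerable: [%s]\nfixed:      [%s]\n", a, b);
    return 0;
}
```

Auditing for this class means looking for printf-family calls whose format argument is not a string literal, which is what `-Wformat-security` reports.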