Discover Security Vulnerabilities News
Hidden Linux kernel security fixes spotted before release – by using developer chatter as a side channel
Security researchers have found that they can detect Linux kernel security fixes before they are released - information that could be used by malicious hackers to develop and deploy exploit code before patches are widely available.
Boffins affiliated with BMW, Siemens, and two German universities say they can pinpoint obfuscated Linux kernel security fixes, developed in secret, before they are officially released. This is insight miscreants could use to develop and deploy exploit code before patches are widely available.
What's more, the team found that Linux kernel patches are regularly introduced in a way that bypasses public review and discussion, a practice that opens at least a theoretical risk of backdoored code.