Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution (RCE). This discovery highlights the fact that developers of such applications must put in a high level of scrutiny to ensure their security.
RHEL (Red Hat Enterprise Linux) and CentOS Linux 7 users have received a new Linux kernel security update fixing several vulnerabilities affecting the Intel graphics drivers.
Mozilla has released Firefox 89.0.1 to fix various bugs and regressions affecting Linux systems. This is a highly recommended update for all users!
A seven-year-old Linux local privilege escalation bug has reared its head and finally gotten a fix. When it was available, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively-used Linux distros including RHEL 8, Fedora 21 or later and Ubuntu 20.04. Patch now!
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. This polkit local privilege escalation bug (tracked as CVE-2021-3560) was publicly disclosed, and a fix was released on June 3, 2021.
Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux, fixing 14 security vulnerabilities, including one zero-day vulnerability exploited in the wild (tracked as CVE-2021-30551). This marks the sixth Chrome zero-day exploited in the wild this year.
