Firefox 89.0.1 Released to Improve WebRender Performance, Fix Scrollbars on GTK Themes
Mozilla has released Firefox 89.0.1 to fix various bugs and regressions affecting Linux systems. This is a highly recommended update for all users!
Discover Security Vulnerabilities News
Seven Year Old Privilege Escalation Vulnerability Found In Some Linux Distros, Patch Now
A seven-year-old Linux local privilege escalation bug has reared its head and finally gotten a fix. When it was available, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively-used Linux distros including RHEL 8, Fedora 21 or later and Ubuntu 20.04. Patch now!
Linux system service bug lets you get root on most modern distros
Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. This polkit local privilege escalation bug (tracked as CVE-2021-3560) was publicly disclosed, and a fix was released on June 3, 2021.
Google fixes sixth Chrome zero-day exploited in the wild this year
Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux, fixing 14 security vulnerabilities, including one zero-day vulnerability exploited in the wild (tracked as CVE-2021-30551). This marks the sixth Chrome zero-day exploited in the wild this year.
Linux Porter Discovered M1 Covert Channel Flaw Named ‘M1RACLES’
Hector Martin, a hacker who is porting Linux to Apple Silicon Macs through Asahi Linux, has discovered a novel covert channel vulnerability on the M1 chip, calling it ‘M1RACLES’ and tracked as CVE-2021-30747. The flaw lies in the design of the chip itself, allowing any two applications running under an OS to covertly exchange data between them without using memory, sockets, files, or any other features that are meant to be used for data exchange. "While this shouldn’t be allowed as it bypasses OS security layers, it is nothing to worry about in practice."
Raft of Exim Security Holes Allow Linux Mail Server Takeovers
A set of dangerous vulnerabilities have been discovered in the Exim mail server. Remote code execution, privilege escalation to root and lateral movement through a victim’s environment are all on offer for the unpatched or unaware.
