#patch

anonymiss@despora.de

#CISA boss: Makers of insecure #software are the real cyber villains: www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains

Even calling #security holes "software vulnerabilities" is too lenient, she added. This phrase "really diffuses #responsibility. We should call them 'product defects,'" Easterly said. And instead of automatically blaming victims for failing to #patch their products quickly enough, "why don't we ask: Why does software require so many urgent patches?...

#news #technology #cybersecurity #development #economy #Update #Problem #cyberwar

anonymiss@despora.de

#Qualcomm warns of extensive #security #vulnerabilities in drivers for its chips ...

source: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2023-bulletin.html

Please contact the device #manufacturer for information on the #patching status of released devices.

Thanks for this useless hint, because the vast majority of older #Android devices never receive a #patch.


#software #bug #danger #warning #problem #fail #news #smartphone #wifi

anonymiss@despora.de

The #internet is broken 😱

Source: https://twitter.com/Shadowserver/status/1646540439703486465

#patch #Microsoft #software #problem #security #server #news

hackaday@xn--y9azesw6bu.xn--y9a3aq

Major Bug Grants Root for All Major Linux Distributions

One of the major reasons behind choosing Linux as an operating system is that it's much more secure than Windows. There are plenty of reasons for this including appropriate user permissions, installing software from trusted sources and, of course, the fact that most software for Linux including the Linux kernel itself is open source which allows anyone to review the code for vulnerabilities. This doesn't mean that Linux is perfectly secure though, as researchers recently found a major bug in most major Linux distributions that allows anyone to run code as the root user.

The exploit is a memory corruption vulnerability in Polkit, a framework that handles the privilege level of various system processes. It specifically impacts the program pkexec. With the proof-of-concept exploit (file download warning) in hand, all an attacker needs to do to escalate themselves to root is to compile the program on the computer and run it as the default user. An example is shown by [Jim MacDonald] on Twitter for those not willing to try this on their own machines.

As bad as this sounds, it seems as though all of the major distributions that this impacts have already released updates that patch the issue, including Debian, Ubuntu, Red Hat, Fedora, openSUSE, and Arch. There is also a temporary workaround that removes read/write permission from the pkexec program so it can't run at all. That being said, it might be best to check that your Linux systems are all up-to-date and that no strangers have been typing random commands into the terminal recently.

#linuxhacks #securityhacks #admin #exploit #linux #patch #pkexec #polkit #root #security #update #vulnerability

anonymiss@despora.de

#Microsoft Calls #Firefox’s #Browser #Workaround “Improper,” Will #Block It

source: https://www.howtogeek.com/768727/microsoft-calls-firefoxs-browser-workaround-improper-will-block-it/

The upcoming Windows Update won’t block you from changing the default browser in #Windows 11. The #patch will force links using the microsoft-edge #protocol to always open in #Edge. These are specific links opened through Windows 11, such as those directly from the taskbar’s search feature. Firefox’s workaround and EdgeDeflector made it so these links would still open in your default browser. Microsoft is about to roll out an update that disables this workaround, calling it “improper” on Mozilla’s part.

#freedom #openSource #software #economy #win11 #windows11 #news