Technology Security News

The latest technology security stories, summarized by AI

Dirty Frag: Early Disclosure Lets Linux Root on Major Distros

A Linux local privilege escalation named 'Dirty Frag' was publicly disclosed early, enabling local users to obtain root by exploiting decryption fast paths in the esp4, esp6, and rxrpc kernel code; with no CVEs or patches yet due to the embargo break, a workaround exists to disable the affected modules via: sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"; Alma Linux has released early patches for testing, and oss-security has more details; this situation means risk on most major distros until patches are issued.

19 days ago•Source: Phoronix

"Unpatchable Apple Chip Flaw Exposes Encryption Keys"

technology-security

3.955 min•2 years ago

"Unpatchable Apple Chip Flaw Exposes Encryption Keys"

A flaw in Apple's M-series chips allows attackers to exploit the data memory-dependent prefetcher to reveal encryption keys, posing a virtually unpatchable threat. The US warns of potential cyberattacks on water systems by hackers from Iran and China, while a new Russian wiper malware, AcidPour, threatens communication networks. Additionally, China-linked hacker group Earth Krahang has targeted organizations worldwide, breaching 70 entities, including 48 government organizations.

via WIRED