>It's the year of the Linux desktop getting pwned. Chris Evans (not the red white and blue one) has released a number of linux zero day exploits, the most recent of which employs specially crafted audio files to compromise linux desktop machines. Ars Technica reports: "'I like to prove that vulnerabilities are not just theoretical -- that they are actually exploitable to cause real problems,' Evans told Ars when explaining why he developed -- and released -- an exploit for fully patched systems. 'Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out.' Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that by default ships with many mainstream Linux distributions. This time, the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles. The two audio files are encoded in the SPC music format used in the Super Nintendo Entertainment System console from the 1990s. Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor. By changing the .spc extension to .flac and .mp3, GSteamer and Game Music Emu automatically open them."
It's the year of the Linux desktop getting pwned...
Other urls found in this thread:
microsoft.com
twitter.com
What does "zero-day"even mean?
>a number
Maybe the 3rd or 4th post about this. Didn't worked on my desktop though and you can chose to not compile this crap at compile. This is why i love OSS.
It means that you won't know that it exists before it has rammed itself deep into your ass.
...
The biggest problem Linux has is the people using it. They have their head so far up their ass with this "Linux has no bugs, 110% secure!" obscurity meme that they flat out refuse to admit there is a problem across their entire desktop landscape hacked up by amateurs.
Only when these people grow up enough mentally will they be able to face the problems and solve them, unfortunately most people mentally mature and go back to Windows or buy Macbooks because trying to help these people just ends with you receiving a lot of abuse.
I don't use chrome fedora or ubuntu so I think I'm okay.
>The biggest problem Linux has is the people using it.
sjw-tier argument bro.
>The biggest problem Linux has is the people using it. They have their head so far up their ass with this "Linux has no bugs, 110% secure!" obscurity meme that they flat out refuse to admit there is a problem across their entire desktop landscape hacked up by amateurs.
This is both an strawman, ad hominem and a contradiction by itself. Just answer the following question: if there exists a method to create perfect code then what is the advantage of opening the source?, i mean, perfect code doesn't needs to be reviewed or improved.
>Only when these people grow up enough mentally will they be able to face the problems and solve them
in what way? believing blindly in a corporation? just by wanting the source to be able to be reviewed and improved by more people they're already doing something.
>unfortunately most people mentally mature and go back to Windows or buy Macbooks because trying to help these people just ends with you receiving a lot of abuse.
Be honest, this personal attacks comes from a tribal feeling?.
Interestingly this is how i feel about windows users: justifying being mistreated because they're locked into an ecosystem.
Already patched. Go home microjew shill.
>most people mentally mature and go back to Windows or buy Macbooks
We never left, so we don't need to go back.
The Linux Loser is a self-selecting minority,
unprofessional and basically doomed to roam the lowest levels of IT forever.
Zero-day exploits are ones that affect a fully patched and up-to-date target system at the time the exploit is published; tl;dr they're the stuff you have to worry about right now
clickbait. all he did was use a social engineering attack.
>not the red white and blue one
LIES RYAN REYNOLDS WILL RELEASE A WINDOWS 0DAY TO BTFO MICROSOFT
Fuck off pajeet with your pysch ops faggotry.
I only have base gstreamer to satisfy a dumb requirement. My default player for everything is mpv in a custom sandbox config, so this couldnt have hit me anyways. Still, I installed libgme and totem to try and trigger this and no matter how much I tried I couldn't get the exploit to work. I even booted to a regular non-grsec kernel but dmesg wasn't throwing anything. Seems like a specific case that is non-default or hard to hit.
I'll wait for something more interesting
>Windows
implying microsoft products hasnt gone thru security flaws in media files over and over
first result
microsoft.com
The Apple MacBook Pro with Retina Display doesn't have this problem.
>proof-of-concept attacks
I love how sensationalist this is. They want you to think it's an exploit for just any music file when it's explicitly an exploit for .nsf files, which call an entire fucking full featured NES emulator to decode them.
But if it came to light that most of the exploits are academic, what would the security people do all day?
Not a problem with Slackware 14.2.