A group of cybersecurity researchers has detected a major flaw that affects most Linux distributions, including Ubuntu.
The vulnerability was detected in the Polkit component and allows an attacker to gain access privileges. root in a system. Polkit is a tool to control various system preferences.
After the flaw was made known, cybersecurity experts from RedHat Y canonically They released security patches for Ubuntu. To be protected, you need to download them, install them, and restart your computer.
The update of Linux systems with Ubuntu is crucial, because although the vulnerability cannot be executed remotely, it can be exploited through another exploit. In fact, the portal BleepingComputer points out that hours after the failure was made public, the first exploit that exploit the vulnerability found in Polkit.
The flaw was discovered by the computer security company Qualys. The bug, named “PwnKit”, dates back 12 years and therefore affects all versions of Polkit.
In a publication detailing the characteristics of the vulnerability, Qualys insiders say they managed to gain “privileges root complete on default installations of Ubuntu, Debian, Fedora and CentOS.
Qualys said it informed Red Hat of the bug on November 18, 2021. Following the distribution of security patches, Qualys chose to make the bug public on January 25.
In order to facilitate your technical understanding, Qualys published a video detailing the scope of the exploit.