>Zero-day vulnerability lets Linux applications gain root access
>The Perception Point Research team has identified a 0-day local privilege escalation vulnerability in the Linux kernel. While the vulnerability has existed since 2012
Linux acknowledges security issues and quickly fixes them.
Apple ignores them and patches months down the road.
Microsoft is somewhere in-between.
>Putting a password on your bootloader
Nigga, if you're entering a password on GRUB, it best be to unlock a LUKS volume otherwise you're already fucked because they have physical access to your machine.
I thought opens sores' so great because everyone can look through the code and find bubs like this?!
Turns out neckbeard hobbyists aren't smarter than security experts from MS/apple.
It was found this week and hasn't been used to anyone's knowledge. The fact that it existed since 2012 doesn't really mean anything. Every OS is like this, the important thing is that the vulnerabilities get patched immediately.
The problem here is that this vulnerability also affects Android, and people are going to be waiting weeks or months to get the patch. Older devices won't get the patch at all, so they'll be walking around with a phone that has a gaping security hole that will never be fixed.
>Android and Linux are both vulnerable to a zero-day exploit that
>It was found this week and hasn't been used to anyone's knowledge.
Why wasn't it found earlier? I always hear freetards brag about the advantages of open source, but they instantly go into damage control mode once something like this happens.
Because there aren't any.
Shellshock is 25 years old and they still make up excuses for it.
Windows never looked better.
who comfy here?
You know the problem and you have everything you need to fix it. That is the advantage of open source.
and you can't deny it by saying that someone else should fix something they built for free and you didn't pay for.
I love retards like you who hop from software to software because of hearsay, memes and irrelevant issues that barely have any affect on the end user.
>oh fuck /g/ says NSA will spy on me if I use Windows!
better use Ubuntu
>oh fuck /g/ says Amazon will spy on me if I use Ubuntu!
better use Tails
>oh fuck /g/ says Tor is compromised!
better use Debian
>oh fuck /g/ says Debian has ancient 2 year old packages!
better use Arch
>oh fuck /g/ says Arch breaks X and deletes my configs!
better use Gentoo
>oh fuck /g/ says a security issue was found in the Linux itself!
better use Windows
>oh fuck /g/ says NSA will spy on me if I use Windows!
According to the first article linked, this newly found bug let's an attacker
>view private information
>install unwanted programs
All of which Microsoft can do to you on windows.
It's not bullshit.
Imagine if we would call cars by just their brand. So every Volkswagen car (Golf, Polo, Passat et cetera) is just "a Volkswagen". That's incorrect. It's a Volkswagen (brand) Passat (type).
Same reason GNU/Linux is correct when you refer to GNU with Linux. Calling it "Linux" leaves out a very fundamental identifier of the "car" as a whole.
I love this meme. Especially since India's one of the top Linux countries.
And if you (if you were the one I was referring to) actually read the article, you could've easily answer your original question by yourself.
>Same reason GNU/Linux is correct when you refer to GNU with Linux.
And yet it still is way to unspecific considering you can replace Linux user land almost as much as you want. Do we call desktop Linux X11/Linux nowadays? No.
>all this poorfag third world shit.
Freetards disgust me.
So is linux or gnu and linux.
If it isn't the later I don't know how android devs haven't fixed it
>While the vulnerability has existed since 2012, our team discovered the vulnerability only recently
Oh that's why. Lets just wait for an update then
how much I hate this word please use "nowdays"
>In other words, Europe comes out as the overall most Linux-friendly world region.
>South America, 0.88%
>North America, 0.72%
>Market share meme
>Pats said that the Linux team has been notified, and patches should be available and pushed out soon to devices with automatic updates.
Reading comprehension or freetard bubble?
>only two of those are right
>its the first and the last
>there are plenty of people out there who will believe the rest
I know being retarded about computers is a global tradition at this point, but come on
>Both android and linux is vulnarable
>Quoting linux only
Fucking Microsoft shills, how much do they pay you?
adroid is not linux
(Some cunt mentioned a car analogy up there)
Even if you take a car, let's say a Ford Focus and you replace the bumpers and the interior and the engine, it's still a ford focus
This is all the studying I needed to do
I don't get it, how is it 3 years? Yes, this bug affects kernel 3.18 and higher, which is from a long time ago but exploiting this bug or this vulnerability is discovered recent days, not to mention SELinux users are free from this issue.
Critical vulnerability like this could not be even discovered if it was closed source. And good luck finding out if it is patched in the updates of a closed non-free softwares.
> Microsoft selling it's own vulnerabilities to the NSA
> Literally OS ridden with spywares
> Adwares in updates and start menu
> Thinking SELinux is not audited
>OSX and ZERO exploits
oh look, another cve that doesn't affect debian wheezy at all
To be honest windows' biggest vulnerability is it's dumb users
>Crack and patch softwares
>Patched OS activator
>Thirdparty Registry editor
>Built in ad-clickbaits
And to think these wintards are making threads about security hahahahahahaha
>Most linux programs are third party
Only true for people who doesn't know how to look for native packages
These people will look for
>Sublime kek instead of kate/geany
>VMware instead of QEMU/KVM
>Adobe reader instead of Evince/Zathura
>Chrome instead of Chromium etc
>call them freeniggers
>freetards are actually niggers
You can't make this shit up.
>local privilege escalation
It's fucking nothing. If there's someone who has physical access to your machine and they want to do "bad things", you're fucked either way. This has already been patched on Debian and *buntu, Arch is sure to have a patch out very, very soon.
Porbably one of the most audited pieces of software out there. Do you seriously believe that the fucking ICBC, the Chinese central government (remember how great they get along with the US?) bank with 100 million customers and 8 million corporate accounts, that has Linux serving as the main backbone for their IT infrastructure, hasn't audited the ever loving shit out of SELinux themselves? Do you really think every government in the world isn't checking for NSA backdoors when they were involved in making it? Do you think they'd be quiet about it?
LINUX BTFO AMIRITE?
ANYONE HERE WITH KMSAUTO? DAZLOADER DIDN'T WORK
What is command +R in osx reboot and type reset password in terminal
What is booting from other OS and editing windows
Whilst Linux kernel req a lengthily exploit
>yfw it's exactly the same situation on both sides
>a bunch of faggots are being paid to go through the code
Let's not pretend that randomgithubfag#4252 has actually ever bothered fixing any serious bugs in either kernel.
The "everyone can look at the code" doesn't apply in kernels or drivers.
Linux is ford focus internals (engine, drive train, tranmission, frame, wheels, etc).
Android is the Outside (Body, interior seats, steering wheel, pedals)
Android boots up via same method a linux, BUT as soon as init.d scripts finish running the system is handed off to the zygote process which handles the dalvik/java VM.
Android has so much vulnerability and google is taking the same fucking path as microshit/crapple.
>someone today finds a new way of exploiting something
>claims the exploit has existed for many years
>it didn't exist till someone discovered a method of - get this - exploiting it
>someone cries and whines about it being vulnerable
>not understanding a fucking thing
>stupid fucking people will be the death of us all
Yes it does. Kernels or drivers aren't really more complex than other programs. Most drivers tend to be fairly simple even. All they do is implement a protocol specified by the hardware vendor and the corresponding kernel API. The real problem is that most hardware vendors don't publish their specifications (best example: NVIDIA), so people have to reverse engineer and guess.
I mean, just look at the thousands of kernel forks and mods made by those faggots on XDA etc. Surely they aren't all geniuses and wizards.
Sure your desktop/server Linux will get patched pretty quick, probably before there are any actual exploits in the wild.. but
>The cherry on top is that about 66% of Android devices are also exposed.
Wonder how long before those devices get patches? (assuming they ever do)
Yes, I realize that you personally, Jimmy G. Austimo, will be flashing to the latest CM or whatever you want once it's available but the average user's device will probably be waiting weeks or months for a patch if it even gets one.
Google should have just said fuck the OEMs and carriers from the beginning and avoided this fragmentation clusterfuck that is Android now.
Make every device essentially a Nexus device, don't let them shit everything up with bloat and then abandon devices that are perfectly capable of running recent versions of the stock OS.
Oh well, techies will always use nexus devices and/or custom roms and don't care, but the average normie could get royally screwed when a vuln like this gets into the wild and still isn't patched months later due to OEM & carrier laziness
>mfw android botslaves are the only brand of phone that gets fucked in the ass by carrier updates
Meanwhile on Windows land:
>Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 … and a new network attack
Also it's meaningless to cherry pick individual security issues.
Not to defend Linux or open sauce, but all phones - even with 5.1.1 - run kernels like 3.10, or older.
Same with LTS/enterprise systems.
> inb4 XDA kernels
> inb4 basement dweller's Arch Linux
Who the fuck wants to hack a neckbeard autistic cunt?
>PSSH ITS ALREADY BEEN FIXED
>all that butthurt in this thread
No shit it's been patched. What fucking OS wouldn't patch it immediately after hearing about such a massive fuck up?
Just goes to show linux most likely has shitloads of vulnerabilities that WILL be found once it gains popularity.
Now I'm DEFINITELY staying on Windows.
Literally nothing to worry about
Kek, that only affects prehistoric computers running a >3.8 kernel, aka nobody.
If you manage to get the exploit to run (30 minutes), it'll just fail because every system under the sun will have SMEP/SMAP.
>including tens of millions of Linux PCs and servers
>tens of millions
Topkek, I have two laptops running 4.3 and 3.16, plus servers ranging from prehistoric to state of the art, none of them are affected.
Linux is secure by default, even when they find a vuln and make you run the exploit manually, it doesn't work.
Who the hell uses >3.8?!
Just let me know, which major LTS distro/server distro uses that kernel.
> tens of millions
Yepp, pulling numbers out of the ass is a great journalist perk. Just like the jews when it comes to the Hall of Cost. Muh 33333 gazillion.
>"B-but if open-source software is so good why don't people fix security bugs in it all the time, Windows needs a patch every day!"
>A vulnerability is patched
>"Hey look they just patched a vulnerability! They're so insecure XD"
How is it the fault of Linux if Android users don't get the update? Blame Google for allowing retard manufacturers/carriers to stop supporting a device a year after it comes out. Fuck you, Lenovo and AT&T.
Past Android, the only people who will be insecure are those who refuse to update. This is, again, not the fault of Linux. Nobody holds Microsoft responsible for Windows XP users being insecure.
If you think Windows and OS X don't have vulnerabilities like this from time to time, you're frankly a fucking retard.
Please refrain from posting flamewar-inducing threads on /g/.
They're not funny, they're an edgy grab for replies that floods the board with shit.
Do you like talking about technology? If so, then do so civilly. It isn't that hard to start a thread asking a question like "What are the pros/cons of NVidia vs. AMD?" or "What are the pros/cons of Apple devices vs. other computer manufacturers?"
Your thread is just cluttering /g/ with filth, and should probably be pruned/deleted.