It's the year of the Linux desktop getting pwned. Chris Evans (not the red, white and blue one) has released a number of Linux zero-day exploits, the most recent of which employs specially crafted audio files to compromise Linux desktop machines. Ars Technica reports: "'I like to prove that vulnerabilities are not just theoretical -- that they are actually exploitable to cause real problems,' Evans told Ars when explaining why he developed -- and released -- an exploit for fully patched systems. 'Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out.' Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that by default ships with many mainstream Linux distributions. This time, the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles. The two audio files are encoded in the SPC music format used in the Super Nintendo Entertainment System console from the 1990s. Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor. By changing the .spc extension to .flac and .mp3, GStreamer and Game Music Emu automatically open them."
http://arstechnica.com/security/2016/12/fedora-and-ubuntu-0days-show-that-hacking-desktop-linux-is-now-a-thing/
>>58027711
Fucking normies popularized Ubuntu and now it's biting back.
Who would bother with that crap 5-8 years ago?
Nobody.
libgme is unmaintained and most distributions don't even have it in tree.
Nobody is vulnerable to this attack.
>>58027803
a media framework that by default ships with many mainstream Linux distributions.
>>58027864
Except it doesn't.
Not even news.
Neither Firefox nor Chrome is vulnerable.
>>58027864
That's what he claims, where's the proof?
>>58027904
It's vulnerable if you are using gstreamer with webkit and some obscure super old gstreamer library that nobody has installed.
>>58027711
These are not Linux 0days btw
What the article is describing is basically the same as tricking people into opening a .pdf or .docx full of malware.
No OS will ever protect idiots from harming themselves by clicking on fishy email attachments, period.
>>58027711
>the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles
The sort of people who would handle this kind of file deserve to be pwned.