New One-Click Exploit Is a Supply Chain Risk for Linux OSes

October 10, 2023 at 04:47PM Researchers have discovered a vulnerability in a library used by the GNOME desktop environment for Linux systems. Exploiting the vulnerability through a malicious link could allow attackers to take over machines. The issue lies in a dependency called “libcue” used by a default GNOME application called “tracker-miners.” The researchers have … Read more

October 10, 2023 at 12:07PM – Researcher bags two-for-one deal on Linux bugs while probing GNOME component

October 10, 2023 at 12:07PM Researchers have discovered a high-severity remote code execution (RCE) vulnerability in a component of GNOME-based Linux distros. Tracked as CVE-2023-43641, the exploit takes advantage of the libcue library, used to parse cue sheets, and the tracker-miners application. The vulnerability affects all GNOME-based distros and can be triggered by downloading a … Read more

October 10, 2023 at 09:54AM – One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems

October 10, 2023 at 09:54AM GitHub’s Security Lab warns Linux users about a remote code execution vulnerability in the Libcue library used by GNOME. The flaw, tracked as CVE-2023-43641, can be exploited by getting the user to click on a malicious link, causing the attacker’s code to be executed. The PoC exploit will be released … Read more

October 10, 2023 at 03:06AM – libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks

October 10, 2023 at 03:06AM A security flaw in the libcue library affects GNOME Linux systems, allowing remote code execution (RCE) when a user downloads a malicious .cue file. The vulnerability (CVE-2023-43641) is caused by memory corruption in libcue versions 2.2.1 and earlier. Detailed technical information has been withheld to give users time to update. … Read more