Security: Patches, Roboto Drama and Android/Google

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by Fedora (dpdk, mingw-djvulibre, mingw-hunspell, mingw-ilmbase, mingw-OpenEXR, php-symfony, php-symfony3, and rsyslog), openSUSE (chromium and squid), SUSE (aspell, cups, djvulibre, and dpdk), and Ubuntu (djvulibre).

  • Roboto Botnet network building, DDoS not a priority
  • Google quintuples top reward for hacking Android to $1 million

    Google, which has already paid security researchers over $15 million since launching its bug bounty program in 2010, today expanded its Android Security Rewards program. Most notably, the company is introducing a top prize of $1 million. The previous top prize was $200,000. That’s technically a quintupling, although the maximum reward could be even higher. Google is launching a 50% bonus for exploits found on specific developer preview versions of Android, meaning the top reward could net you $1.5 million.

  • Bad Binder: Android In-The-Wild Exploit (Project Zero)

    Over on the Project Zero blog, Maddie Stone has a lengthy post about a zero-day exploit that was found and fixed in the Android Binder interprocess communication mechanism. The post details the search for the problem, which was apparently being used in the wild, its fix, and how it can be exploited. This is all part of an effort to "make zero-day hard"; one of the steps the project is taking is to disseminate more information on these bugs.

  • Bad Binder: Android In-The-Wild Exploit

    On October 3, 2019, we disclosed issue 1942 (CVE-2019-2215), which is a use-after-free in Binder in the Android kernel. The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If chained with a browser renderer exploit, this bug could fully compromise a device through a malicious website.

    We reported this bug under a 7-day disclosure deadline rather than the normal 90-day disclosure deadline. We made this decision based on credible evidence that an exploit for this vulnerability exists in the wild and that it's highly likely that the exploit was being actively used against users.

    In May 2019, Project Zero published a blog post and spreadsheet for tracking “in-the-wild” 0-day exploits. In July 2019, I joined Project Zero to focus on the use of 0-day exploits in the wild. We expect our approach to this work will change and mature as we gain more experience with studying 0-days, but the mission stays the same: to “make zero-day hard”.

