Posted September 08, 2018 12:25:19The next batch, expected later this year, includes fixes for security vulnerabilities, and more.
We’ve already reported on the patch for the kernel vulnerability in the Linux kernel, which was revealed by an earlier version of the APT attack.
The APT attackers, who previously used similar tactics to penetrate security and other organizations, now appear to be trying to target Linux users and groups, according to security researcher Christopher Vickery.
“I suspect it’s a targeted attack, and the Linux patch should be targeted at that,” he told Ars Technic.
“The problem is that we have very few people with experience in kernel security, which makes this a difficult problem to fix.”
A fix for the security flaw was added in October 2018 and added to the Linux release schedule last month.
The patch contains a workaround that exploits a weakness in the way kernel developers handle kernel code, which means that attackers need to have access to a kernel source code repository to develop their attack.
It is not yet known how long the patch will be available to developers, although it is likely to be released within a few days.
Another vulnerability in one of the kernel subsystems, which is used by the operating system and kernel code as a base for building new components, was patched in January.
The fix also addresses a different bug that would allow an attacker to take control of the Linux operating system, but it’s not yet clear how it will be used.
An earlier version, also patched in October, included patches for three security flaws, including a buffer overflow that could allow an untrusted user to crash the system.
It’s not clear if there is any benefit to the kernel developers from fixing those flaws.
The bug was fixed in a kernel security update on April 12, 2018.
The second patch includes a fix for a critical bug that allows an attacker with access to the file system to take over the kernel, and it was added to Linux’s release schedule in November 2018.
It was initially reported by Linux security researcher Christian Buchholz, but the details have been published by the APTs’ creator, the BlackEnergy Group.
There’s been no indication yet that the new patch will improve the security of Linux, but researchers from the Linux Foundation say that it’s possible it could be a way to improve the system’s reliability and scalability.
The Linux kernel is used in nearly every computer today, and security vulnerabilities are one of its biggest weaknesses.
The most recent Linux kernel update (0.13.2) addressed two security vulnerabilities in the kernel that were previously addressed by earlier versions of the attack.
Both flaws were fixed in the first half of 2018.