Serious Flaws Discovered in Linux

Open Source security draws criticism

In April 2018, three new vulnerabilities were announced by Polish security firm iSec Security Research in a Linux kernel which could allow an attacker to elevate their privileges on the machine and execute programs as the root administrator.

Open Source and Microsoft

Microsoft was notified by EEye Digital Security about the flaws with their implementation of ASN.1 eight months before they finally announced the vulnerability publicly and released a patch. Those were eight months during which the bad guys could have discovered and exploited the flaw.

Open source tends to get patched and updated much faster. There are so many developers with access to the source code that once a flaw or vulnerability is discovered and announced a patch or update is released as quickly as possible. Linux is fallible, but the open source community seems to react much quicker to issues as they arise and respond with the appropriate updates much quicker rather than trying to bury the existence of the vulnerability until they get around to dealing with it.

That said, Linux users should be aware of these new vulnerabilities and make sure they stay informed of the latest patches and updates from their respective Linux vendors. One caveat with these flaws is that they are not exploitable remotely. That means that to attack the system using these vulnerabilities requires the attacker to have physical access to the machine.

Many security experts agree that once an attacker has physical access to a computer the gloves are off and almost any security can be eventually bypassed. It is the remotely exploited vulnerabilities, or flaws that can be attacked from systems far away or outside of the local network, that present the most danger.