#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Polkit | Breaking Cybersecurity News | The Hacker News

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

Jun 29, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to  add  a Linux vulnerability dubbed  PwnKit  to its  Known Exploited Vulnerabilities Catalog , citing evidence of active exploitation. The issue, tracked as  CVE-2021-4034  (CVSS score: 7.8), came to light in January 2022 and concerns a case of  local privilege escalation  in polkit's pkexec utility, which allows an authorized user to execute commands as another user. Polkit (formerly called PolicyKit) is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes. Successful exploitation of the flaw could induce pkexec to execute arbitrary code, granting an unprivileged attacker administrative rights on the target machine. It's not immediately clear how the vulnerability is being weaponized in the wild, nor is there any information on the identity of the threat actor that may
12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

Jan 26, 2022
A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's installed by default on every major Linux distribution such as Ubunti, Debian, Fedora, and CentOS. Polkit  (formerly called PolicyKit ) is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes. "This vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration," Bharat Jogi, director of vulnerability and threat research at Qualys,  said , adding it "has
Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Feb 09, 2024Static Code Analysis
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security work without clear prioritization - and miss a significant portion of the attack surface altogether. The primary issue arises from the detection and prioritization methods used by traditional Static Code Analysis (SCA) tools for vulnerabilities. These methods lack the organizational-specific context needed to make an informed scoring decision: the score, even if critical, might not  actually  be critical for an organization because its infrastructure works in a unique way - affecting the actual impact the vulnerability might have.  In other words, since these tools depend on a relatively naive methodol
7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

Jun 11, 2021
A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user. Tracked as  CVE-2021-3560  (CVSS score: 7.8), the flaw affects polkit versions between 0.113 and 0.118 and was discovered by GitHub security researcher Kevin Backhouse, who said the issue was  introduced in a code commit  made on Nov. 9, 2013. Red Hat's Cedric Buissart  noted  that Debian-based distributions, based on polkit 0.105, are also vulnerable. Polkit  (née PolicyKit) is a toolkit for defining and handling authorizations in Linux distributions, and is used for allowing unprivileged processes to communicate with privileged processes. "When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileg
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Cybersecurity Resources