"CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks"

The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and dubbed PwnKit has been exploited in attacks. The flaw came to light in January and affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by other Linux distributions. CISA stated that PwnKit has been described as a memory corruption issue that can be exploited for privilege escalation, allowing any unprivileged local user to elevate permissions to root. The vulnerability has been found to impact the products of several major companies. Juniper Networks, Moxa, IBM, VMware, Siemens, and others have released advisories describing the impact of CVE-2021-4034. CISA recently added the vulnerability to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to install patches by July 18.

 

SecurityWeek reports: "CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks"

Submitted by Anonymous on