"One-Click 'GNOME' Exploit Is a Supply Chain Risk for Linux OSes"

Researchers have discovered a security flaw in a library within the GNU Object Model Environment (GNOME) for Linux systems. If exploited through a malicious link, the vulnerability could allow attackers to take over a machine instantly. GNOME is an open-source desktop environment used by popular Linux distributions such as Ubuntu and Fedora. According to GitHub Security Lab, one of the default GNOME applications contains a dependency with an out-of-bounds array access vulnerability rated "High" (8.8 out of 10) in severity. Because of the way the application works, all an attacker would need is one click from a victim to execute arbitrary code on a GNOME OS. This article continues to discuss the potential exploitation and impact of the vulnerability in a library within the GNOME desktop environment for Linux systems.

Dark Reading reports "One-Click 'GNOME' Exploit Is a Supply Chain Risk for Linux OSes"

Submitted by grigby1
 
