Two new Linux local privilege escalation vulnerabilities, Dirty Frag and Copy Fail 2: Electric Boogaloo, were discovered in the same vulnerability class as Copy Fail, affecting most Linux distributions.
Do they not have access to the likes of Mythos like Mozilla does?
I used to think the show Person of Interest was way out there and no way things are that vulnerable. I see now it was way ahead of its time and I was wrong. Makes for a better show now. Ironic cause shows with tech don’t usually age well.
Today we’re announcing Project Glasswing, a new initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software.
This should make it obvious that Linux desktop security isn’t fine at all, like some like to claim, and that Linux phones are a terrible idea until the security posture of Linux distributions is drastically improved.
The more Linux gets popular, the more targeted it will be as well. If Linux wants to succeed in market share, they need to up their security. The moment it gains large adoption, one single catastrophic exploit could make people run back to Windows or Mac.
I see your point, though it isn’t like these catastrophic exploits don’t exist on Windows or MacOS either.
The moment it gains large adoption, one single catastrophic exploit could make people run back to Windows or Mac
Not to be that guy but Linux already has mass adoption thanks to server/infrastructure market so there is already significant incentive from various parties to find vulnerabilities, create exploits and patch said vulnerabilities and exploits.
I agree that Linux needs to up its security for any significant success in the desktop market share but I’m not sure how many people outside of online privacy and security spaces would be aware of, and care enough to move OSes when these critical OS vulnerabilities are found even if they did make the switch to Linux.
Yes, you’re right to say that they do have catastrophic exploits. However, my point in saying this was that Windows and Mac are the cultural default. If the alternative doesn’t match what the cultural default provides, there are two things that could happen:
1. The cultural paradigm shifts to reflect the fact that people actually prefer the alternative
This is the ideal case for Linux—that the public actually prefers Linux over Windows for some set of reasons.
2. The alternative remains only that: a cultural alternative
This is the less-than-ideal case. Linux remains only as an alternative that appeals to a niche community of desktop/laptop users.
Even though all three operating systems have catastrophic exploits from time to time, two of them are given the status of “normal” and are part of everyday culture while the third one is neither. At least in the US. Maybe it is different in European countries. I remember seeing some institutional adoption of open-source tech, which is another metric that measures cultural adoption.
Moving from the cultural default to a cultural alternative takes a lot of intention. Meanwhile, moving from the alternative to the default is very easy and incentivised because there is less friction between you and the cultural and social world you inhabit. If there were people who moved to Linux and found out that they were exploited or hacked, it’s not a matter of caring enough to switch. If I try a new food and I don’t like how it tastes, I go back to eating the food I usually eat. But I take your point that a lot of people outside this space probably won’t be aware that their devices were exploited.
You’re completely right. I forgot about the infrastructure market.
I think this largely comes down to what you define as a “cultural default”. Personally I view Linux desktop adoption more at an individual level, which could eventually affect some “cultural default” instead of viewing the “cultural default” before individual choice.
I would also like to say that we (I) consider MacOS and Windows “normal” and the “cultural default” largely because they ship as the default software on the hardware we purchase, and since most people will never install their own OS, or even perhaps know this is an option, Desktop Linux market share is limited in its growth. This is why I am hopeful that hardware that ships with Desktop Linux by default[1] eventually takes off.