Surge of killer device drivers leave no OS safe
Digg This!
News came yesterday that Linux users who used NVIDIA's drivers were in danger of being remotely exploited because a zero-day exploit code was released last week. Just the mere act of visiting a malicious website could trigger a buffer overflow that can lead to arbitrary code execution.
Since the attack is on the device driver which is closely tied in to the kernel, it operates beneath the user space and does not require root privileges to completely take over the system. Currently there are no patches or updated drivers that fix this issue so Linux users are faced with the difficult choice of running more generic drivers that lack hardware optimization or live with the risk of being rooted.
These kinds of device driver flaws aren't just limited to Linux; the reality is that they have recently plagued all operating systems from FreeBSD to Linux to Windows to Mac OS X.
No comments:
Post a Comment