Security News > 2023 > July > S3 Ep143: Supercookie surveillance shenanigans

DUCK. Yes, the usual large number of bugs fixed.

Although Elevation of Privilege usually gets looked down on as lesser than Remote Code Execution, where crooks use the bug to break in in the first place, the problem with EoP has to do with crooks who are already "Loitering with intent" in your network.

Even if all you're doing is reading from memory because you have unprivileged access to that memory outside the kernel.

Ghostscript bug could allow rogue documents to run system commands.

Either similar coding mistakes elsewhere in the same bit of code, or more than one way of triggering the original bug.

It's actually a sign that they didn't just do the minimum amount of work, sign it off, and leave you to suffer with the other bug and wait until it was found in the wild.

News URL

https://nakedsecurity.sophos.com/2023/07/13/s3-ep143-supercookie-surveillance-shenanigans/