It’s gonna be busy the next few weeks for IT Security Professionals and Linux administrators. A vulnerability that uses the copy-on-write function to perform privilege escalation can potentially allow any installed application, or malicious code, to gain root-level access and completely hijack the device.
There is also a exploit already available in the wild that makes this vulnerability even more concerning.
The fix for this is simple and can be easily addressed with two lines of code that are installed with an apt-get command. However, many organizations will need to update this in non-production environments to test before moving to production. In addition, organizations will also want to reach out to all of their suppliers to confirm that they are doing the same. Similar efforts were required for the BASH, Poodle, and Heartbleed vulnerabilities.
Lastly, make sure you update those IoT devices! Linux is a common operating system for connected home devices. They will also be vulnerable if they are not patched.
Link – http://www.theregister.co.uk/2016/10/21/linux_privilege_escalation_hole/