• treadful@lemmy.zip
    ↑ 4 · 6 months ago

    It’s a privilege escalation.

    The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their system privileges. It’s the result of a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated. Use-after-free vulnerabilities can result in remote code or privilege escalation.

    • Possibly linux@lemmy.zip
      ↑ 2 · 6 months ago

      This is why least privilege is so important. If one account is compromised it will be harder to compromise others if the original account is isolated.

    • corsicanguppy@lemmy.ca
      ↑ 0 · ↓ 3 · 6 months ago (edited)

      a use-after-free error, a class of vulnerability that occurs in software written in the C and C++ languages when a process continues to access a memory location after it has been freed or deallocated.

      Immediately I noticed how when Teslas can’t drive themselves we also blame the car and not the driver.

      Weak. Blame the driver.

      • LeFantome@programming.dev
        ↑ 2 · 6 months ago

        I re-wrote my Tesla firmware in Rust. It is faster and more secure. Self-driving is no problem when you use a safe language.

        Honestly, why are we even selling cars to people who do not take these basic steps?