It's rare, but a security researcher has just disclosed a zero-day exploit affecting multiple mainstream Linux distros, including Fedora and Ubuntu. According to Chris Evans, Linux PCs can be compromised when users open a specially crafted music file, and if you use Chrome on Fedora 25, it works like a classic drive-by attack. Ars Technica has the full details over here.
Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that ships by default with many mainstream Linux distributions. This time, the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles. The two audio files are encoded in the SPC music format used in the Super Nintendo Entertainment System console from the 1990s. Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor. After the .spc extension is changed to .flac or .mp3, GStreamer and Game Music Emu automatically open them.
In the video clip below, you can see Evans demonstrating the exploit in Fedora 25. Simply by clicking a link in the Chrome browser, the user triggers the attack, which executes code with user-level privileges.
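The renaming trick above works because GStreamer picks a decoder by sniffing the file's contents, not by trusting its extension. The same idea gives defenders a cheap check: flag files whose extension claims FLAC or MP3 while the leading bytes are an SPC header. This is an added example, not code from the post or from the GStreamer or libgme projects; the SPC magic string is taken from the SPC format's documented header and the FLAC/MP3 signatures are the usual ones, all assumed here rather than stated by the post.

```python
import os

# Magic-byte signatures for the formats the post mentions (assumed from the
# public format descriptions, not from the post itself).
SPC_MAGIC = b"SNES-SPC700 Sound File Data"
MAGIC_BY_EXT = {
    ".spc": (SPC_MAGIC,),
    ".flac": (b"fLaC",),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
}


def sniff_format(data):
    """Label the container that the leading bytes actually describe."""
    if data.startswith(SPC_MAGIC):
        return "spc"
    if data.startswith(b"fLaC"):
        return "flac"
    if data.startswith(b"ID3") or data[:2] in (b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"):
        return "mp3"
    return "unknown"


def extension_mismatch(filename, data):
    """True when the extension claims a format the bytes do not match.

    A renamed .spc file is still dispatched to the SPC decoder by content
    sniffing, so the extension is not a trust signal; here the disagreement
    itself is the detection."""
    ext = os.path.splitext(filename)[1].lower()
    expected = MAGIC_BY_EXT.get(ext)
    if expected is None:
        return False  # unknown extension: nothing to compare against
    return not any(data.startswith(m) for m in expected)


def scan(files):
    """files: iterable of (name, leading_bytes). Returns names worth quarantining:
    SPC content hiding behind a non-.spc audio extension."""
    return [name for name, head in files
            if sniff_format(head) == "spc" and extension_mismatch(name, head)]


# Constructed sample inputs; only the first bytes matter for this check.
SAMPLES = [
    ("track.flac", b"fLaC" + b"\x00" * 40),
    ("song.mp3", b"ID3\x03\x00" + b"\x00" * 40),
    ("zelda.spc", SPC_MAGIC + b" v0.30\x1a\x1a" + b"\x00" * 40),
    ("innocent.flac", SPC_MAGIC + b" v0.30\x1a\x1a" + b"\x00" * 40),
    ("innocent.mp3", SPC_MAGIC + b" v0.30\x1a\x1a" + b"\x00" * 40),
]
```

Running `scan(SAMPLES)` on the constructed list flags only the two renamed SPC files; a genuine .spc and properly labelled FLAC/MP3 pass.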
On a related note, if you own a Netgear router you may want to check whether your device is vulnerable. Ars Technica wrote this week that Netgear's R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220 and D6400 suffer from a command-injection vulnerability that can give attackers almost complete control of the devices. Three of these routers are listed among the top five most popular routers on Amazon. Unfortunately, Netgear is extremely slow in rolling out updates. Security researcher Andrew Rollins (Acew0rm) says he notified Netgear on August 25 but never heard back, so he had to escalate the matter to CERT to get a response from Netgear.
"Exploiting this vulnerability is trivial," officials with CERT, the federally funded vulnerability coordination service, warned in an advisory published Friday. "Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available."
Firmware that fixes the vulnerability can be found over here, but for most of the routers the new firmware is still in beta.