GhostLock Linux Vulnerability: A 15-Year-Old Bug
- GhostLock is a stack-UAF that has existed in all Linux distributions for 15 years.
- The bug was introduced in Linux 2.6.39 and fixed in Linux 7.1.
- Users can protect themselves by installing a Chromium flavor browser and disabling Javascript.
The Buzz Score
The Internet’s Verdict: 70% Hyped, 30% Skeptical
What Experts Say
Experts have tested GhostLock on various devices, including Android and Pixel devices.
Tested on three Android devices (version 9, 13, 16) with different Firefox versions under 150 (had to modify for older). Two boot looped, I had to enter recovery and the other just powered off.
Some experts have received significant rewards for discovering bugs like GhostLock.
Daaaaamn: Google has rewarded us $92,337 in kernelCTF I’m all ears now
How to Protect Yourself
To stay safe, users can take precautions such as installing a separate browser and disabling Javascript.
Experts also recommend dedicating a tablet for browsing unknown sites.
Focus Keyword: GhostLock Linux