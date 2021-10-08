Security Leftovers
Vulnerability in firmware of MediaTek DSP chips used in many smartphones - itsfoss.net
Researchers from Checkpoint have identified three vulnerabilities (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) in the firmware of MediaTek DSP chips, as well as a vulnerability in the MediaTek Audio HAL audio processing layer (CVE-2021- 0673). In case of successful exploitation of vulnerabilities, an attacker can organize eavesdropping on the user from an unprivileged application for the Android platform.
In 2021, MediaTek accounts for approximately 37% of shipments of specialized chips for smartphones and SoCs (according to other data, in the second quarter of 2021, MediaTek’s share among manufacturers of DSP chips for smartphones was 43%). Among other things, MediaTek DSP chips are used in flagship smartphones by Xiaomi, Oppo, Realme and Vivo. MediaTek chips, based on the Tensilica Xtensa microprocessor, are used in smartphones to perform operations such as processing sound, images and video, in computing for augmented reality systems, computer vision and machine learning, as well as implementing fast charging.
CronRAT: A New Linux Malware That's Scheduled to Run on February 31st [Ed: This is not about "Linux" and Linux isn't how or why this malware gets on systems in the first place]
Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day.
Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said. The Dutch cybersecurity firm said it found samples of the RAT on several online stores, including an unnamed country's largest outlet.
Unexpected database server downtime, affecting bugs, forums, wiki
Due to an unexpected breakage on our database servers, several Gentoo websites are currently down. In particular, this includes Forums, Wiki, and Bugzilla. Please visit our Infrastructure status page for real-time monitoring and eventual outage notices.
Graphics: RenderDoc, Mesa, and Vulkan
Kernel: Futex2, Fixes, and Other New Features for Linux 5.16
Open Hardware/Modding With LineageOS and Arduino
October/November in KDE Itinerary
Since the last summary KDE Itinerary has been moving with big steps towards the upcoming 21.12 release, with work on individual transport modes, more convenient ticket access, trip editing, a new health certificate UI, better transfer handling and many more improvements.
New FeaturesCurrent ticket access A small but very convenient new addition is the “Current ticket” action, which immediately navigates you to the details page of the most current element on the itinerary. That comes in handy when having to show or scan your ticket and avoids having to find the right entry in the list in a rush. This action is now also accessible from jump list actions in the taskbar on Linux, or app shortcuts on Android. Combined with the easily accessible barcode scanmode mentioned last time it’s now just two clicks or taps to get ready for a ticket check.
