Hackers are exploiting a five-year-old flaw that lets them breach DVR devices.
The flaw has a 9.8 CVSS score.
- The vulnerability, tracked as CVE-2018-9995, affects older versions of runc and is caused by a flaw in the handling of file descriptors passed between processes.
- The flaw can be exploited by attackers to escalate their privileges on a targeted system and execute arbitrary code with root privileges.
- Researchers have observed several hacking groups, including Chinese state-sponsored actors, using the vulnerability in their attacks.
- While patches for the vulnerability have been available for several years, many systems remain unpatched, leaving them vulnerable to hackers.
- Researchers have urged system administrators to patch their systems and upgrade to the latest version of runc to protect against this vulnerability.