Linux Mint developers acknowledged a flaw in the system after two children were able to unlock the operating system to play. The vulnerability, which enables cyber attacks, was disclosed in a bug report on GitHub.
On the platform, a user identified by the name robo2bobo stated that “a few weeks ago, my kids wanted to hack my Linux desktop, so they typed and clicked everywhere while I was behind them watching”. The problem is that the feat happened while the computer had the screen saver active.
In his report, he said that the children carried out the action not just once, but twice – which makes the problem even more worrying. In addition, he reportedly struggled to block the computer after action. For that, it was necessary to resort to opening a shell and performing actions manually. Just as children took advantage of the vulnerability to play, hackers can also do so to gain unlimited access to the machine.
Linux releases patch patch
In a statement, Linux said a patch was released to users last Wednesday (13). According to the leading developer of the operating system, Clement Lefebvre, the problem arose after the release of another patch that resolved a bug called CVE-2020-25712.
Lefebvre explained that the vulnerability occurs until the so-called libcaribou, a component of the on-screen keyboard (OSK) that accompanies Cinnamon, the desktop interface present in Linux Mint. The developer informed that the unlocking occurs the user presses the “e” key.
Finally, he clarified that Linux is looking at ways to allow the user to disable the screen keyboard. Because that, he said, would reduce the likelihood of future bugs.