Over the past few days, a couple of exploits for Linux and Mac OS X began circulating. Some of you may have seen e-mails purporting to be from the Red Hat Security Team. The e-mail contains a link to fedora-redhat.com and prompts users to download and install a patch for fileutils-1.0.6, stating that a vulnerability could “allow a remote attacker to execute arbitrary code with root privileges.” The “patch” actually contains malicious code that will compromise the system it is run on. Red Hat has a security note on the scam available.
Link: arstechnica.com
