Premium Content
Read our exclusive articles

Ars Technica - All contentContinue reading/original-link]

Amazon is offering the SiriusXM Roady BT In-Vehicle Satellite Radio Kit for $69.99 shipped. Down 30% from its normal going rate at Amazon, today’s deal marks a new low that we’ve tracked there and is also the first discount all-time at the retailer. Designed to deliver in-vehicle entertainment, the Roady BT satellite radio installs in your car and connects to your stereo through Bluetooth, 3.5mm aux, or over a built-in FM transmitter. You can choose to mount it via a magnetic vent or dash adapter and there’s an additional mounting system that’s sold separately should you need it. Plus, it comes with a three month free trial of Sirius XM or you could opt for 12 months of the brand’s Platinum Programming Package for $99. Keep reading for more.

more…

The post SiriusXM Roady BT in-car satellite radio kit lets you tune in anywhere for $70 (First sale) appeared first on 9to5Toys.

Ars Technica - All contentContinue reading/original-link]

14.6 C
New York
[tds_menu_login guest_tdicon="td-icon-profile" logout_tdicon="td-icon-log-out" tdc_css="eyJhbGwiOnsibWFyZ2luLWJvdHRvbSI6IjAiLCJkaXNwbGF5IjoiIn19" toggle_txt_color="var(--news-hub-white)" menu_offset_top="eyJhbGwiOiIxOSIsImxhbmRzY2FwZSI6IjE3IiwicG9ydHJhaXQiOiIxNSJ9" menu_offset_horiz="eyJhbGwiOi02LCJsYW5kc2NhcGUiOiItMyIsInBvcnRyYWl0IjoiLTIifQ==" menu_horiz_align="content-horiz-right" menu_bg="var(--news-hub-black)" menu_uh_color="var(--news-hub-light-grey)" menu_uh_border_color="var(--news-hub-dark-grey)" menu_ul_link_color="#ffffff" menu_ul_link_color_h="var(--news-hub-accent-hover)" menu_ul_sep_color="var(--news-hub-dark-grey)" menu_uf_txt_color="var(--news-hub-white)" menu_uf_txt_color_h="var(--news-hub-accent-hover)" menu_uf_border_color="var(--news-hub-dark-grey)" f_uh_font_family="325" f_uh_font_line_height="1.3" f_links_font_family="325" f_links_font_line_height="1.3" f_uf_font_line_height="1.3" f_uf_font_family="325" menu_uh_padd="eyJhbGwiOiIyMHB4IDI1cHggMThweCIsImxhbmRzY2FwZSI6IjE1cHggMjBweCAxM3B4IiwicG9ydHJhaXQiOiIxMHB4IDE1cHggOHB4In0=" menu_ul_padd="eyJhbGwiOiIxOHB4IDI1cHgiLCJsYW5kc2NhcGUiOiIxNnB4IDIwcHgiLCJwb3J0cmFpdCI6IjhweCAxNXB4In0=" menu_ul_space="eyJhbGwiOiIxMCIsImxhbmRzY2FwZSI6IjgiLCJwb3J0cmFpdCI6IjYifQ==" menu_ulo_padd="eyJhbGwiOiIxOHB4IDI1cHggMjBweCIsImxhbmRzY2FwZSI6IjEzcHggMjBweCAxNXB4IiwicG9ydHJhaXQiOiI4cHggMTVweCAxMHB4In0=" menu_shadow_shadow_size="0" menu_arrow_color="rgba(255,255,255,0)" menu_width="eyJhbGwiOiIyMjAiLCJwb3J0cmFpdCI6IjE4MCJ9" show_version="" menu_gh_padd="eyJhbGwiOiIyMHB4IDI1cHggMThweCIsImxhbmRzY2FwZSI6IjE1cHggMjBweCAxM3B4IiwicG9ydHJhaXQiOiIxMHB4IDE1cHggOHB4In0=" menu_gc_padd="eyJhbGwiOiIxOHB4IDI1cHggMjBweCIsImxhbmRzY2FwZSI6IjEzcHggMjBweCAxNXB4IiwicG9ydHJhaXQiOiI4cHggMTVweCAxMHB4In0=" menu_gh_color="var(--news-hub-light-grey)" menu_gh_border_color="var(--news-hub-dark-grey)" f_gh_font_family="325" menu_gc_btn1_bg_color="var(--news-hub-accent)" menu_gc_btn1_bg_color_h="var(--news-hub-accent-hover)" menu_gc_btn2_color="var(--news-hub-accent)" menu_gc_btn2_color_h="var(--news-hub-accent-hover)" f_btn1_font_family="325" f_btn1_font_transform="uppercase" f_btn2_font_family="325" f_btn2_font_transform="uppercase" f_btn1_font_weight="700" f_btn2_font_weight="700" show_menu="yes" f_uf_font_size="eyJsYW5kc2NhcGUiOiIxMiIsInBvcnRyYWl0IjoiMTIifQ==" icon_color="var(--news-hub-white)" icon_size="eyJhbGwiOjIyLCJsYW5kc2NhcGUiOiIyMCIsInBvcnRyYWl0IjoiMTgifQ==" avatar_size="eyJhbGwiOiIyMiIsImxhbmRzY2FwZSI6IjIwIiwicG9ydHJhaXQiOiIxOCJ9" ia_space="eyJhbGwiOiIxMCIsImxhbmRzY2FwZSI6IjgiLCJwb3J0cmFpdCI6IjYifQ==" f_toggle_font_family="325" f_toggle_font_size="eyJhbGwiOiIxNCIsImxhbmRzY2FwZSI6IjEzIiwicG9ydHJhaXQiOiIxMiJ9" logout_size="eyJhbGwiOjE0LCJsYW5kc2NhcGUiOiIxMyJ9" f_uh_font_size="eyJsYW5kc2NhcGUiOiIxMyIsInBvcnRyYWl0IjoiMTIifQ==" f_links_font_size="eyJsYW5kc2NhcGUiOiIxMyIsInBvcnRyYWl0IjoiMTIifQ==" f_gh_font_size="eyJsYW5kc2NhcGUiOiIxMyIsInBvcnRyYWl0IjoiMTIifQ=="]

CD-indexing cue files are the core of a serious Linux remote code exploit

NewsTech

Published:

Reading time: 1 min.
Blank CD inserted into a laptop CD drive, with a spindle of blank CDs nearby.

Enlarge / Cue files used to be much better-known, back when we all used CD-Rs to make legal backup copies of material that we owned outright. (credit: Getty Images)

It has been a very long time since the average computer user thought about .cue files, or cue sheets, the metadata bits that describe the tracks of an optical disc, like a CD or DVD. But cue sheets are getting attention again, for all the wrong reasons. They're at the heart of a one-click exploit that could give an attacker code execution on Linux systems with GNOME desktops.

CVE-2023-43641, disclosed by GitHub on October 9, is a memory corruption (or out-of-bounds array writing) issue in the libcue library, which parses cue sheets. NIST has yet to provide a score for the issue, but GitHub's submission rates it an 8.8, or "High." While the vulnerability has been patched in the core library, Linux distributions will need to update their desktops to fix it.

GNOME desktops have, by default, a "tracker miner" that automatically updates whenever certain file locations in a user's home directory are changed. If a user was compelled to download a cue sheet that took advantage of libcue's vulnerability, GNOME's indexing tracker would read the cue sheet, and code in that sheet could be executed.

Read 5 remaining paragraphs | Comments

Ars Technica - All contentContinue reading/original-link]

ArsTechnica.com
ArsTechnica.com

Related articles

spot_img

Recent articles

spot_img

©Patti.tech 2022