{"id":57242,"date":"2024-09-27T16:11:44","date_gmt":"2024-09-27T16:11:44","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/"},"modified":"2024-09-27T16:11:44","modified_gmt":"2024-09-27T16:11:44","slug":"that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/","title":{"rendered":"That doomsday critical Linux bug: It&#8217;s CUPS. May lead to remote hijacking of devices"},"content":{"rendered":"<p><span class=\"label\">Final update<\/span> After days of anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.<\/p>\n<p>In short, if you&#8217;re running the Unix printing system CUPS, with cups-browsed present and enabled, you may be vulnerable to attacks that could lead to your computer being commandeered over the network or internet. The attacks require the victim to start a print job. Do not be afraid.<\/p>\n<p>The bugs were found and privately reported by software developer <a href=\"https:\/\/github.com\/evilsocket\" rel=\"nofollow\">Simone Margaritelli<\/a> who has now openly disclosed the security weaknesses <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.evilsocket.net\/2024\/09\/26\/Attacking-UNIX-systems-via-CUPS-Part-I\/\">in detail here<\/a>. This write-up is said to be part one of two or maybe three, so expect more info at some point.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>He went public today at 2000 UTC after seemingly becoming frustrated with the handling of his vulnerability reports by CUPS developers. No patches are available yet. Public disclosure was previously expected to be no later than September 30.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>What you need to know for now, according to Margaritelli, is:<\/p>\n<ul>\n<li>Disable and\/or remove the cups-browsed service.<\/li>\n<li>Update your CUPS installation to bring in security updates if or when available.<\/li>\n<li>Consider blocking access to UDP port 631, and blocking off DNS-SD, too.<\/li>\n<li>It affects &#8220;most&#8221; Linux distros, &#8220;some&#8221; BSDs, possibly Google ChromeOS, Oracle&#8217;s Solaris, and potentially others, as CUPS is bundled with various distributions to provide printing functionality.<\/li>\n<li>To exploit this across the internet or LAN, a miscreant needs to reach your CUPS service on UDP port 631. Hopefully none of you have that facing the public internet. The miscreant also has to wait for you to start a print job.<\/li>\n<li>If port 631 isn&#8217;t directly reachable, an attacker may be able to spoof zeroconf, mDNS, or DNS-SD advertisements to achieve exploitation on a LAN. Details of that path will be disclosed later, we&#8217;re promised.<\/li>\n<\/ul>\n<p>If you don&#8217;t have cups-browsed on your system, you&#8217;re good. If you don&#8217;t need CUPS, consider removing it all from your computer just to be safe. If you never print anything, you&#8217;re probably also good.<\/p>\n<p>How would a vulnerable system be hijacked? &#8220;A remote unauthenticated attacker can silently replace existing printers\u2019 (or install new ones) IPP URLs with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer),&#8221; says Margaritelli.<\/p>\n<h3 class=\"crosshead\">Two libraries, one CUPS<\/h3>\n<p>Breaking it down further, here are the four bugs Margaritelli has so far publicly documented:<\/p>\n<ol>\n<li><strong>CVE-2024-47176<\/strong> in cups-browsed up to version 2.0.1. This listens on UDP port 631, trusts &#8220;any packet from any source,&#8221; and will use that data to fire off an IPP request to an attacker-controlled URL.<\/li>\n<li><strong>CVE-2024-47076<\/strong> in libcupsfilters up to version 2.1b1. This does not validate the attributes returned by that above IPP request, allowing an attacker to pipe malicious data into the victim&#8217;s CUPS system.<\/li>\n<li><strong>CVE-2024-47175<\/strong> in libppd. This also does not validate those IPP attributes when writing them to a temporary PPD file.<\/li>\n<li><strong>CVE-2024-47177<\/strong> in cups-filters up to version 2.0.1. This will execute arbitrary commands from data in a PPD file.<\/li>\n<\/ol>\n<p>Chaining those together, you can send a packet to UDP port 631 on a target vulnerable machine, make that computer reach out to a server you control, have that server feed a payload of commands as data to the target to then write to a PPD temporary file, and then when the user starts a print job, it triggers execution of those commands from that file.<\/p>\n<p>Neat, and we can see how this might, just might, ruin an office or lab worker&#8217;s day, but it&#8217;s overall not Earth shattering. Margaritelli has confirmed user interaction by the victim is required (they need to start a print job) and has hinted that a buffer overflow might be able to start that job remotely, but so far, that&#8217;s not been disclosed or developed as an exploit. Margaritelli also spoke of other bugs as-yet unrevealed.<\/p>\n<p>Take all the above info and decide for yourself how at-risk you are, and what steps to take. Us vultures simply removed cups-browsed from our Linux boxes. Margaritelli reckons there are a few hundred-thousand at-risk devices on the public internet.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>He previously complained in a social media <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/threadreaderapp.com\/thread\/1838169889330135132.html\">thread<\/a> that his bug reports weren&#8217;t being taken seriously enough, and decided to go fully public after feeling that he was hitting resistance from fellow developers. He <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/evilsocket\/status\/1838169889330135132\">warned<\/a> he would reveal all about a vendor-rated 9.9-out-of-10 CVSS severity hole in Linux.<\/p>\n<p>It now appears an engineer at IBM&#8217;s Red Hat had reckoned at least one of the bugs was a 9.9 \u2013 making it a doomsday flaw \u2013 though given the user interaction needed, we believe the exploit chain should be considered less than highly critical. In his write-up today, Margaritelli said he thinks 9.9 is too high, too.<\/p>\n<p>&#8220;Impact-wise I wouldn\u2019t classify it as a 9.9, but then again, what the hell do I know?&#8221; he wrote.<\/p>\n<p>Prior to today&#8217;s disclosure, watchTowr CEO and founder Benjamin Harris <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:7245132773902983168\/\">opined<\/a> this is &#8220;not the watershed moment it has been made out to be.&#8221;<\/p>\n<p>After we all learned more about the CUPS issues, he urged organizations to &#8220;immediately determine their exposure before they are forced to respond to an inevitable breach\/cyber security incident,&#8221; but also noted &#8220;the vulnerability impacts less than a single-digit percentage of all deployed internet-facing Linux systems.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;I continue to strongly believe that rapid reaction to emerging threats like this is one of the most powerful capabilities security teams should be leveraging and arming themselves with to prevent security breaches,&#8221; he told <em>The Register<\/em>.<\/p>\n<p>&#8220;Now that the information about these vulnerabilities is public, the &#8216;bad guys&#8217; will certainly be weaponizing this vulnerability to gain access to vulnerable systems.&#8221;<\/p>\n<h3 class=\"crosshead\">My CUPS over runneth<\/h3>\n<p>In addition to exposing those vulnerabilities, Margaritelli&#8217;s write-up also highlighted flaws in the bug-reporting process, Sonatype CTO Brian Fox told <em>The Register<\/em>. Notably, someone was able to leak Margaritelli&#8217;s private disclosures to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.kb.cert.org\/vince\/\">CERT VINCE<\/a>, intended for vendors, to a cyber-crime forum where it was shared on Tuesday.<\/p>\n<p>&#8220;The details of this report were leaked publicly, forcing a rushed disclosure instead of an orderly path and rollout process,&#8221; Fox added, noting that Margaritelli <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/x.com\/evilsocket\/status\/1839394449346154690\">had earlier raised<\/a> the alarm of a leak.<\/p>\n<p>&#8220;We should strive to make vulnerability disclosures more like hurricane warnings \u2014 providing timely and actionable information \u2014 and less like unexpected tornadoes that leave no time for preparation,&#8221; he said. &#8220;While these disclosures might sometimes seem exaggerated, it&#8217;s far better to be forewarned and ready than to be caught off guard by an unforeseen &#8216;tornado&#8217; of security breaches.&#8221; \u00ae<\/p>\n<h3 class=\"crosshead\">Addendum<\/h3>\n<p>Ubuntu maker Canonical has issued <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/ubuntu.com\/blog\/cups-remote-code-execution-vulnerability-fix-available\">an advisory here<\/a>, saying the bugs can be used to form a &#8220;high-impact exploit chain.&#8221;<\/p>\n<p>&#8220;The exploit chain is not completed unless a print job is sent \u2013 so if you never print, no command execution could have happened, even if the vulnerable packages were installed and a malicious actor attempted the exploit,&#8221; the distro maker noted.<\/p>\n<p>Assume security updates are to follow, and to install, to close the flaws, and see the Ubuntu write-up for mitigations.<\/p>\n<p> <em><strong>Editor&#8217;s note:<\/strong> Following disclosure of the bugs at 2000 UTC, September 26, this article was rewritten from <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/web.archive.org\/web\/20240926190723\/https:\/\/www.theregister.com\/2024\/09\/26\/unauthenticated_rce_bug_linux\/\">this version<\/a> to <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/web.archive.org\/web\/20240926224208\/https:\/\/www.theregister.com\/2024\/09\/26\/unauthenticated_rce_bug_linux\/\">this<\/a> at 2050 UTC in light of new information. It was then further revised at 0035 UTC, September 27, to this latest version. An addendum was added at 1600 UTC, September 27.<\/em>\n<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/09\/26\/cups_linux_rce_disclosed\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>No patches yet, can be mitigated, requires user interaction Final update\u00a0 After days of anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-57242","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>That doomsday critical Linux bug: It&#039;s CUPS. May lead to remote hijacking of devices 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"That doomsday critical Linux bug: It&#039;s CUPS. May lead to remote hijacking of devices 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-27T16:11:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"That doomsday critical Linux bug: It&#8217;s CUPS. May lead to remote hijacking of devices\",\"datePublished\":\"2024-09-27T16:11:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/\"},\"wordCount\":1236,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/\",\"name\":\"That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-09-27T16:11:44+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"That doomsday critical Linux bug: It&#8217;s CUPS. May lead to remote hijacking of devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/","og_locale":"en_US","og_type":"article","og_title":"That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-09-27T16:11:44+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"That doomsday critical Linux bug: It&#8217;s CUPS. May lead to remote hijacking of devices","datePublished":"2024-09-27T16:11:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/"},"wordCount":1236,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/","url":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/","name":"That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-09-27T16:11:44+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZvleBgP5xD-eCXvpC3Q19wAAAIA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/that-doomsday-critical-linux-bug-its-cups-may-lead-to-remote-hijacking-of-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"That doomsday critical Linux bug: It&#8217;s CUPS. May lead to remote hijacking of devices"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57242"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57242\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}