Last Wednesday, a security researcher working under our bug bounty program found a way that they could access one account’s file storage from another by using the “Dirty Pipe” Linux kernel vulnerability. We put a mitigation system in place to stop that from happening, and then on Thursday we were able to patch the underlying issue. On Friday, another researcher found a similar issue, which the mitigation system we’d put in place originally made relatively harmless – we were able to patch that one within minutes.
↧
