10 old software bugs that took way too long to squash – CSO Online

In 2021, a vulnerability was revealed in a system that lay at the foundation of modern computing. An attacker could force the system to execute arbitrary code. Shockingly, the vulnerable code was almost 54 years oldand there was no patch available, and no expectation that one would be forthcoming.

Fortunately, that's because the system in question was Marvin Minsky's 1967 implementation of a Universal Turing Machine, which, despite its momentous theoretical importance for the field of computer science, had never actually been built into a real-world computer. But in the decade or so after Minsky's design, the earliest versions of Unix and DOS came into use, and their descendants are still with us today in the 21st century. Some of those systems have had bugs lurking beneath the surface for years or even decades.

Here are ten noteworthy and venerable bugs that were discovered in recent years.

Age: 7 yearsDate introduced: 2010Date fixed: 2017

Way back in 2011, security researcher Ralf-Philipp Weinmann discovered a recently introduced flaw in the baseband processor used in mobile phones that could conceivably be used in an attack: hackers could set up a fake cell tower, trick the phone into connecting to it, and then hijack its network connection. The flaw was corrected relatively quickly by cell phone manufacturers and then just as quickly forgotten about.

There was one problem: cell phones weren't the only devices that used those chips. "Essentially, the same cellular baseband chipset was in the telematics unit in the Nissan Leaf and a variety of other vehicles," says Jesse Michael, Principal Cyber Security Researcher at security firm Eclypsium. Several researchers (who would go on to join Eclypsium) discovered the vulnerability by experimenting with a car they got from a junkyard.

View post:

10 old software bugs that took way too long to squash - CSO Online