Originally published at: Threat Research Blog
What is PwnKit Vulnerability CVE-2021-4034? On January 25th, 2022, a critical vulnerability in polkit’s pkexec was publicly disclosed (link), the Qualys research team named this vulnerability “PwnKit”. The polkit package is meant for handling policies that allow unprivileged processes to communicate with privileged processes on Linux systems. Pkexec is part of Polkit and handles the…