‘CrackArmor’ Vulnerability in AppArmor Impacts 12.6M Linux Systems
https://hackread.com/crackarmor-vulnerability-apparmor-linux-systems/
Publish Date: 2026-03-13 13:48:00
Source Domain: hackread.com
A major security issue has been found in AppArmor, a tool designed to protect Linux devices worldwide. The cybersecurity firm Qualys recently disclosed nine vulnerabilities affecting AppArmor, the default security enforcement system for popular platforms such as Ubuntu, Debian, and SUSE. According to researchers, these flaws have existed since 2017, starting with version v4.11, and currently put over 12.6 million enterprise systems at risk.
How the Confused Deputy Attack Works
To understand the problem, it helps to consider what researchers call the “confused deputy” flaw. In simple terms, this happens when a low-level user tricks a powerful program into doing something dangerous on their behalf. As researchers from the Qualys Threat Research Unit (TRU) noted in the blog post shared with Hackread.com, this is like an intruder convincing a building manager with master keys to unlock a private vault for them.
By tricking trusted tools like Sudo or Postfix, an attacker can write to hidden pseudo-files in the system. This allows them to bypass safety boundaries and gain root access, the highest level of control over a computer.
The research, led by Saeed Abbasi from Qualys TRU, shows hackers can even break out of containers, which are supposed to be isolated environments for running apps safely. These failures can happen silently, as a system might lose its protection without the administrator ever being alerted.
Serious Risks to Global Infrastructure
The discovery points to a major problem for banking, healthcare, and telecommunications. An attacker can cause a denial of service (DoS), which crashes the computer by exhausting its memory. They can also load deny-all settings to block staff or remove protections from background services.
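Because profiles can be removed or replaced without any alert, one defensive check is to compare the set of loaded AppArmor profiles against a known-good baseline. The following is an added example, not code from Qualys or Hackread; it assumes the kernel's profile listing at /sys/kernel/security/apparmor/profiles, one "name (mode)" entry per line, and the baseline and current listings shown are constructed sample data.

```python
import re

# Assumed line format of /sys/kernel/security/apparmor/profiles: "<name> (<mode>)"
LINE = re.compile(r"^(?P<name>.+) \((?P<mode>[a-z]+)\)$")

def parse_profiles(text):
    """Return {profile_name: mode} parsed from a profile listing."""
    profiles = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            profiles[m["name"]] = m["mode"]
    return profiles

def drift(baseline, current):
    """Compare two {name: mode} maps; return sorted (kind, name, was, now) findings."""
    findings = []
    for name, mode in baseline.items():
        if name not in current:
            # A protected service lost its profile entirely.
            findings.append(("removed", name, mode, None))
        elif current[name] != mode:
            # For example, enforce was switched to complain.
            findings.append(("mode-changed", name, mode, current[name]))
    for name, mode in current.items():
        if name not in baseline:
            # A profile nobody approved, such as an unplanned deny-all policy.
            findings.append(("unexpected", name, None, mode))
    return sorted(findings, key=lambda f: (f[0], f[1]))

# Constructed sample data, not captured from a real host.
BASELINE = """\
/usr/sbin/cupsd (enforce)
/usr/sbin/rsyslogd (enforce)
docker-default (enforce)
"""
CURRENT = """\
/usr/sbin/cupsd (complain)
docker-default (enforce)
/usr/local/bin/example-tool (enforce)
"""

if __name__ == "__main__":
    # On a live host, read the current listing from the securityfs file
    # instead of CURRENT (reading it typically requires root).
    for kind, name, was, now in drift(parse_profiles(BASELINE), parse_profiles(CURRENT)):
        print(f"{kind:13} {name}  baseline={was} current={now}")
```

Run on a schedule and ship the findings to the existing alerting pipeline, this turns a silent profile change into a visible event.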
It is worth noting that these flaws align with the methods of state-sponsored hackers who prioritise destruction over spying. Consequently, CISA and DHS have issued emergency…