GNOME Yelp 49.1

GNOME Project developers have released an update to the Yelp help viewer that fixes a vulnerability allowing an escape from the Flatpak sandbox environment.

The issue was related to the handling of external URIs and Yelp's integration with application launch mechanisms. By opening a specially crafted document, an attacker could execute commands outside the sandbox, gaining access to the user's system with the privileges of the current user.

The vulnerability primarily affected scenarios in which Yelp was used within Flatpak applications or delivered as part of a sandbox environment. Remote exploitation depended on getting the user to open a malicious help file or link.

The fix is already included in new versions of Yelp and is starting to appear in distribution packages. GNOME developers have also strengthened URI checks and restricted insecure methods for launching external handlers.

It's worth noting that the incident has once again drawn attention to the problems with desktop integration of sandbox mechanisms in Linux. Despite the isolation of Flatpak, bugs in desktop components and MIME/URI handlers remain one of the main ways to circumvent restrictions.

Source: linux.org.ru
