Skip to main content

Oh, the Who-manity: ‘Grinch’ security bug wreaks havoc on Linux

A glitch called “Grinch” after the perennially loathed yet beloved Dr. Seuss cartoon character has recently been found laying low in the depths of Linux source code. It has the catastrophic potential to let bad guys to seize remote control of any and all devices based on the platform. Including Android mobiles, which at their core have Linux roots planted in their software.

By “remote control” IT network security provider Alert Logic means total, unrestricted command over any data stored on liable systems, plus the ability to install and execute trojans and other malware contents from a distance.

Recommended Videos

The way Grinch works is by allowing access to the su (aka super user) command, and letting unauthorized individuals manipulate the wheel group assigned by default to the legit admin of the system. This results in privilege escalation which ultimately gives the attacker full access to all system functions.

That sounds a lot like Shellshock’s mischievous capacity. However, according to Stephen Coty, Alert Logic’s Chief Security Evangelist, Linux admins and users can dodge attacks and remove all risk by implementing stronger methods of authentication and authorization.

Users can do this through PolKit, a policy management tool in Linux. To be frank, the settings users need to change to thwart to the Grinch are a bit over our heads, so we recommend you check out this recently broadcasted webinar about the “Grinch” flaw.

If you take authorization one step forward, and switch the default wheel assignment, you should stay clear of the green baddie with a heart two sizes too small, and enjoy your holidays in peace. Probably. Most likely. Hopefully.

Adrian Diaconescu
Former Digital Trends Contributor
Adrian is a mobile aficionado since the days of the Nokia 3310, and a PC enthusiast since Windows 98. Later, he discovered…
Upgrade to this Alienware 4K QD-OLED gaming monitor while it’s $300 off
Cyberpunk 2077 being played on the Alienware 32 QD-OLED.

The powerful machine you purchased from gaming PC deals should be paired with a premium display, and the 32-inch Alienware 4K QD-OLED gaming monitor comes with our stamp of approval. It's also on sale from Dell right now, with a $300 discount slashing its price from $1,200 to only $900. That's a steal when you consider the capabilities of this screen, so you're going to have to hurry with your purchase as stocks may run out at any moment.

Why you should buy the 32-inch Alienware 4K QD-OLED gaming monitor

Read more
Living without antivirus? Grab Avast Premium while it’s 70% off
A couple on a couch using a tablet.

I've been using the free version of Avast antivirus software for well over a decade now. It's always among the first batch of downloads I grab when I get a new laptop. Our reviewers even gave Avast One for Mac a 9 out of 10 review. But this week, Avast has a compelling offer that will convince freeloaders like me to get the paid version of Avast.

Right now, Avast Premium has an incredible 70% discount. That drops the price of one device from $80 per year to $23.40, or just under $2 per month. If you want to cover 10 devices, the price is only slightly higher, at $30 per year, or $2.50 per month. If you've been using the free version of Avast for a while, or you haven't been using antivirus software at all, this is a deal you need to check out.

Read more
Why macOS Tahoe is a big deal for Intel Macs
Apple unveiling macOS Tahoe at WWDC 2025.

Apple’s WWDC event kicked off on Monday with the usual slew of fresh announcements and updates showcasing the company’s software plans for the year ahead.

And as with every WWDC keynote, the upcoming shift to new software also signaled diminishing support for older Apple devices.

Read more