A serious set of security flaws has been found in AppArmor, the Linux security module that confines programs (and containers) with per-program profiles. The cybersecurity firm Qualys recently disclosed nine vulnerabilities affecting AppArmor, which is the default mandatory access control system on popular distributions such as Ubuntu, Debian, and SUSE. According to the researchers, the flaws have existed since 2017, starting with version 4.11, and currently put more than 12.6 million enterprise systems at risk.
How the Confused Deputy Attack Works
To understand the problem, it helps to know what researchers call a "confused deputy": a privileged program that is tricked by a low-privileged user into using its authority on that user's behalf. As the Qualys Threat Research Unit (TRU) put it in the blog post shared with Hackread.com, it is like an intruder convincing a building manager who holds the master keys to unlock a private vault for them.
By abusing trusted privileged tools such as Sudo or Postfix as the deputy, an attacker can get them to write to kernel pseudo-files that AppArmor uses as its control interface (the confinement of a process is set and read through such files, for example under /proc/<pid>/attr/). Writes the attacker could never make directly let them bypass the confinement boundary and ultimately gain root, the highest level of control over the machine.
The research, led by Saeed Abbasi of Qualys TRU, also shows that attackers can break out of containers, which rely on AppArmor as one of the layers that is supposed to keep them isolated. These failures are silent: a system can lose its confinement without the administrator ever being alerted.
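Because a stripped profile raises no alarm of its own, the practical check is to look at what the kernel currently reports for each process. The script below is an added example written for this article, not code from Qualys or from the AppArmor project: it reads the per-process pseudo-file /proc/<pid>/attr/current (or /proc/<pid>/attr/apparmor/current on newer kernels), classifies the label, and reports any watched daemon that is no longer in enforce mode. The default watchlist of command names (sudo, postfix's master and smtpd, cupsd, dhclient) is an assumption for illustration; replace it with the daemons your own profiles cover.

```shell
#!/bin/sh
# Added example (not from the Qualys advisory or this article): audit whether the
# processes AppArmor is supposed to confine are still confined.
#
# AppArmor reports each task's confinement through a kernel pseudo-file as either
# "unconfined" or "<profile> (<mode>)". A confused-deputy attack that strips a
# profile leaves no log line of its own, so the signal to watch for is a daemon
# that should read "(enforce)" but now reads "unconfined".

# Map one raw label, as the kernel prints it, to a coarse status word.
classify_label() {
    case "$1" in
        unconfined)         echo UNCONFINED ;;   # no profile attached at all
        *"(enforce)")       echo ENFORCE ;;      # profile attached and enforced
        *"(complain)")      echo COMPLAIN ;;     # profile attached, violations only logged
        *"(unconfined)")    echo UNCONFINED ;;   # profile present but flags=(unconfined)
        *"(kill)")          echo KILL ;;
        *)                  echo UNKNOWN ;;
    esac
}

# Is AppArmor compiled in and enabled? Prints Y or N (N when the file is missing).
apparmor_enabled() {
    if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = "Y" ]; then
        echo Y
    else
        echo N
    fi
}

# Print the confinement label of one pid; fail silently if it cannot be read.
label_of_pid() {
    for f in "/proc/$1/attr/apparmor/current" "/proc/$1/attr/current"; do
        if [ -r "$f" ]; then
            cat "$f" 2>/dev/null && return 0
        fi
    done
    return 1
}

# Walk /proc and print "pid comm status label" for every process whose command
# name is in the space-separated watchlist (argument 1). Returns 1 if any of
# them is UNCONFINED or COMPLAIN, which is the condition to alert on.
# The default watchlist is an assumption for this example; tune it to the
# daemons your profiles actually cover (aa-status lists loaded profiles).
audit_confinement() {
    watchlist="${1:-sudo master smtpd cupsd dhclient}"
    bad=0
    for dir in /proc/[0-9]*; do
        pid="${dir#/proc/}"
        comm="$(cat "$dir/comm" 2>/dev/null)" || continue
        case " $watchlist " in
            *" $comm "*) ;;
            *) continue ;;
        esac
        label="$(label_of_pid "$pid")" || continue
        status="$(classify_label "$label")"
        printf '%s\t%s\t%s\t%s\n' "$pid" "$comm" "$status" "$label"
        case "$status" in
            UNCONFINED|COMPLAIN) bad=1 ;;
        esac
    done
    return "$bad"
}

# Run the audit only when AA_AUDIT_RUN is set, so the file can also be sourced.
if [ -n "${AA_AUDIT_RUN:-}" ]; then
    if [ "$(apparmor_enabled)" = N ]; then
        echo "AppArmor is not enabled on this kernel" >&2
        exit 2
    fi
    audit_confinement "$@"
fi
```

Run it as `AA_AUDIT_RUN=1 sh aa_audit.sh` (optionally passing your own watchlist as the first argument); a non-zero exit status means a watched daemon is unconfined or merely in complain mode. Reading other users' labels may require root, and a label that cannot be read is skipped rather than reported, so run the audit with enough privilege to see every watched process.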
Serious Risks to Global Infrastructure
The discovery points to a major problem for sectors such as banking, healthcare, and telecommunications. An attacker can cause a denial of service (DoS) that crashes the machine by exhausting its memory, load a deny-all policy that locks staff out, or strip confinement from background services.
It is worth noting that these flaws suit the methods of state-sponsored attackers who prioritise destruction over espionage. Consequently, CISA and DHS have issued emergency bulletins to alert the energy, water, and defence sectors.
Qualys CTO Dilip Bachwani explained that these findings show we cannot always trust default settings, stating that “even the most entrenched protections can be bypassed without admin credentials.”
Immediate Steps for Safety
There are currently no official tracking numbers (CVEs) for these bugs, but experts warn not to wait for them. Qualys coordinated for months with the Ubuntu, Debian, SUSE, and Sudo teams so that fixes were ready before public disclosure. To stay protected, the researchers recommend that administrators immediately apply the latest kernel patches, together with any related AppArmor and sudo package updates, from their distribution, and then confirm that AppArmor is still enabled and enforcing (for example with aa-status), since a silently stripped profile is exactly what these flaws enable.

