The CUPS exploit is here: GitHub - RickdeJager/cupshax

cross-posted from: https://lemmy.zip/post/23601247
I hope this goes without saying but please do not run this on machines you don't own.
The good news:
- the exploit seems to require user action
The bad news:
- device firewalls are ineffective against this
- if someone created a malicious printer on a local network like a library they could create serious issues
- it is hard to patch without breaking printing
- it is very easy to create printers that look legit
- even if you don't hit print, the CUPS user agent can reveal lots of information. This may be blocked at the firewall
TLDR: you should be careful hitting print