Google has fixed a privilege escalation bug in OS Config, a Google Cloud Platform service for Compute Engine that manages operating systems running on virtual machine (VM) instances. An attacker could exploit the bug to gain root privileges, explained security researcher Imre Rad, who discovered the issue.
- The OS Config service, which is in beta, enables users to deploy, query, and maintain consistent configurations for a VM instance.
- Rad admitted that the exploit depends on external events and would be rare in the real world.
- Google fixed the bug by using a random temp directory instead of a predictable one for OS Config. Users are urged to upgrade their OS package.