Three dangerous runC Flaws could allow Threat Actors to escape Docker Containers.

Researchers at cloud security company Sysdig note that exploiting the three vulnerabilities "require the ability to start containers with custom mount configurations," which an attacker can achieve through malicious container images or Dockerfiles.

http://www.sysdig.com/blog/runc-container-escape-vulnerabilities

#runC #it #security #privacy #engineer #media #secure #programming #tech #developer #news

#POSIX mandates creating files through dangling symbolic links which opens the door for attack vectors which are still relevant today as we see from the #runc breaks where the attacker can plant a dangling symlink at /dev/{null,console} to create trouble. As of 3.45.0, #sydbox implies O_NOFOLLOW at open(2) boundary for O_CREAT unless O_EXCL was also passed. The mitigation can be disabled with the option "trace/allow_unsafe_create:1". See 2nd paragraph: https://man.exherbo.org/syd.7.html#Trusted_File_Creation #linux #security
SYD(7)
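As an added illustration (not part of the post above or of sydbox itself), this C program exercises the POSIX behaviour the post describes: open(2) with O_CREAT follows a dangling symlink and creates the file it points at, whereas O_CREAT|O_EXCL refuses with EEXIST and O_NOFOLLOW (what sydbox now implies) refuses with ELOOP. The scratch directory under /tmp and the function name are the example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Probe how open(2) treats a dangling symlink when asked to create a file.
 * Builds a private scratch dir (mode 0700, so fs.protected_symlinks does not
 * interfere) holding "link" -> "target" with no "target" present, then calls
 * open("link", flags | O_WRONLY, 0600) and removes everything again.
 * Return value:  1  open succeeded and "target" now exists (link followed)
 *                0  open succeeded but nothing was created (not expected)
 *           -errno  open refused */
int probe_dangling_create(int flags) {
    char dir[64], link[96], target[96];
    snprintf(dir, sizeof dir, "/tmp/ocreat-demo-%ld", (long)getpid());
    snprintf(link, sizeof link, "%s/link", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -errno;
    unlink(target); unlink(link);            /* start from a clean fixture */
    if (symlink("target", link) != 0) { int e = errno; rmdir(dir); return -e; }

    int result;
    int fd = open(link, flags | O_WRONLY, 0600);
    if (fd < 0) {
        result = -errno;
    } else {
        close(fd);
        result = (access(target, F_OK) == 0) ? 1 : 0;
    }
    unlink(target); unlink(link); rmdir(dir);
    return result;
}

int main(void) {
    /* Plain O_CREAT: POSIX follows the dangling link and creates "target". */
    printf("O_CREAT            -> %d (1 = target created through the link)\n",
           probe_dangling_create(O_CREAT));
    /* O_EXCL: fails with EEXIST because the path is a symlink, wherever it points. */
    printf("O_CREAT|O_EXCL     -> %d (expect -%d, EEXIST)\n",
           probe_dangling_create(O_CREAT | O_EXCL), EEXIST);
    /* O_NOFOLLOW: the trailing symlink is never followed; open fails with ELOOP. */
    printf("O_CREAT|O_NOFOLLOW -> %d (expect -%d, ELOOP)\n",
           probe_dangling_create(O_CREAT | O_NOFOLLOW), ELOOP);
    return 0;
}
```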

Three (fairly serious) vulnerabilities have been reported in #runc, which is involved in running containers.
If you use it, be sure to check!
#Linux #コンテナ技術 #セキュリティ #security #news

https://www.itmedia.co.jp/enterprise/articles/2511/12/news040.html

Three serious vulnerabilities in runc; all versions are affected, so update now: Security News Alert

Three vulnerabilities exploiting race conditions have been discovered in runc. They are likely to lead to arbitrary writes to /proc or to takeover of host root. Updating runc and enabling user namespaces, among other measures, are recommended.

ITmedia Enterprise
🚨 All channels include critical fixes for runc vulnerabilities -
CVE-2025-31133, CVE-2025-52565, CVE-2025-52881. Update soon to stay safe!
#Flatcar #Security #runc

Alert: Three critical runC vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) enable mount/symlink-based escapes that may redirect writes to /proc or other host targets. A successful exploit requires container start privileges via crafted mounts or malicious images/Dockerfiles. Patches: runC 1.2.8 / 1.3.3 / 1.4.0-rc.3+.
Detection & mitigation guidance:
• Patch runC immediately.
• Deploy rootless containers and enable user namespaces without host root mapping.
• Monitor for rapid symlink creation, unexpected bind mounts of /dev/null or /dev/console, and anomalous writes to procfs entries (e.g., /proc/sysrq-trigger).
• Harden CI/CD image provenance checks and disallow unverified custom mount configurations.
Share any YARA/OSQuery/Suricata rules you’ve validated — let’s collate detection patterns. Follow TechNadu for vetted technical advisories.

#containersecurity #runC #CVE #Kubernetes #Docker #threathunting #DFIR #DevSecOps

📰 Critical Container Escape Flaws in runC Threaten Docker & Kubernetes

🚨 CRITICAL VULNERABILITY: Three new flaws in runC, the core runtime for Docker & Kubernetes, allow for container escape. Attackers could gain host access. This is a major threat to cloud environments. Patch immediately! #runC #Docker #Kubernetes

🔗 https://cyber.netsecops.io/articles/critical-flaws-in-runc-container-runtime-threaten-docker-kubernetes/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Critical Container Escape Flaws in runC Threaten Docker & Kubernetes

Three critical new vulnerabilities have been found in runC, the core container runtime for Docker and Kubernetes, which could allow attackers to escape container isolation and access the host OS.

CyberNetSec.io

It's been a bit light on news over the last 24 hours, but we've got a couple of important updates: a widespread phishing scam targeting lost iPhone users and critical container escape vulnerabilities in runC. Let's dive in:

Lost iPhone Phishing Scam ⚠️

- The Swiss National Cyber Security Centre (NCSC) is warning iPhone users about a sophisticated phishing scam.
- Scammers are using information from a lost device's lock screen message (model, colour, contact details) to send convincing SMS or iMessage texts, claiming the phone has been found.
- The goal is to trick victims into entering their Apple ID credentials on a fake "Find My" website, allowing attackers to disable Activation Lock and potentially resell the device. Always ignore unsolicited messages and never click links; Apple will not contact you via SMS or email about a found device.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/lost-iphone-dont-fall-for-phishing-texts-saying-it-was-found/

Dangerous runC Container Escape Flaws 🛡️

- Three new vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) have been disclosed in runC, the container runtime used by Docker and Kubernetes.
- These flaws could allow an attacker to bypass container isolation and gain root-level write access to the underlying host system, primarily by exploiting issues with bind-mounts and /proc redirection.
- While exploitation requires the ability to start containers with custom mount configurations, organisations should update to runC versions 1.2.8, 1.3.3, 1.4.0-rc.3 or later, activate user namespaces, and consider using rootless containers as mitigation.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/dangerous-runc-flaws-could-allow-hackers-to-escape-docker-containers/

#CyberSecurity #ThreatIntelligence #Phishing #SocialEngineering #AppleID #Vulnerability #runC #ContainerSecurity #Docker #Kubernetes #InfoSec #CyberAttack #IncidentResponse

Lost iPhone? Don’t fall for phishing texts saying it was found

The Swiss National Cyber Security Centre (NCSC) is warning iPhone owners about a phishing scam that claims to have found your lost or stolen iPhone but is actually trying to steal your Apple ID credentials.

BleepingComputer

#Kubernetes: Newly disclosed #vulnerabilities in the #runC container runtime used in #Docker & Kubernetes (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) could be exploited to bypass isolation restrictions & get access to the host system (escape):
#k8s

https://www.bleepingcomputer.com/news/security/dangerous-runc-flaws-could-allow-hackers-to-escape-docker-containers/

Dangerous runC flaws could allow hackers to escape Docker containers

Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system.

BleepingComputer
Systemd cgroup driver: CPU quota calculation mismatch between containerd and runc causes container creation failure · Issue #4982 · opencontainers/runc

Description When using the systemd cgroup driver with a CPU limit of 4096m, pod creation fails intermittently because containerd non-deterministically calculates either 409600 or 410000 microsecond...

GitHub
Updated, come and take a look! → [Digest] #Linux shaken! The day the future of security (#セキュリティ), desktops and apps changes, Thursday, November 6 #OSS #security #runc #wayland #X11 #news https://www.youtube.com/shorts/TS2_w2tq6C4

YouTube