It was evince-thumbnailer that
was exploited, not Nautilus and certainly not Linux. This feature in
Nautilus exposes other systems to potential attacks, but Nautilus
itself was not shown as vulnerable in the demonstration. Nautilus
also has a configuration option which lets you choose if you want
this behavior or not, although I personally believe it shouldn't do
this at all when the screen is locked.
This is a vulnerability in Ubuntu (and probably other GNOME-based
distros), but it is completely erroneous to say that it's a
vulnerability in Linux, for two reasons: 1) The applications that
were exploited are in use on non-Linux systems (and will be equally
exposed), and 2) many Linux-systems doesn't use these applications at
all.
Bookmarks