Of course, other operating systems are vulnerable as well. The problem is more that for a long time the security model of Linux was that an attacker is interested in getting root access. This hasn't been true anymore since DDoS attacks, crypto mining, etc. became a thing. And in recent years, attacks have moved towards phishing, crypto lockers, etc. Though Linux for a long time still had the model that an application has the same rights as a user. As a result, virtually every app is able to use an audio device if the user has the right permissions and/or eavesdrop on other applications and limited possibilities for access control:
Similarly, X11 applications can snoop on keystrokes, mouse events, and other applications, etc.
Luckily, there has been a strong push to change things. E.g. Pipewire is going to provide access control for sound devices and cameras, Wayland provides more GUI isolation between applications, and Flatpak/Bubblewrap are introducing application sandboxing at a larger scale.
> X11 applications can snoop on keystrokes, mouse events, and other applications, etc
Not just "X11 applications" but any process that can open your X unix domain socket (usually at somewhere like /tmp/.X11-unix/X0) or, god help you, connect to tcp://localhost:$((6000 + $DISPLAY_NUMBER)).
https://www.freedesktop.org/wiki/Software/PulseAudio/Documen...
Similarly, X11 applications can snoop on keystrokes, mouse events, and other applications, etc.
Luckily, there has been a strong push to change things. E.g. Pipewire is going to provide access control for sound devices and cameras, Wayland provides more GUI isolation between applications, and Flatpak/Bubblewrap are introducing application sandboxing at a larger scale.