SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
20 Jan 2016

Linux zero-day affects most Androids, millions of Linux PCs

A new zero-day vulnerability has been discovered that allows Android or Linux applications to escalate privileges and gain root access, according to a report released this morning by Perception Point.

"This affects all Android phones KitKat and higher," said Yevgeny Pats, co-founder and CEO at security vendor Perception Point. Any machine with Linux Kernel 3.8 or higher is vulnerable, he said, including tens of millions of Linux PCs and servers, both 32-bit and 64-bit.

Although Linux lags in popularity on the desktop, the operating system dominates the Internet, mobile, embedded systems and the Internet of Things, and powers nearly all of the world's supercomputers. Using this vulnerability, attackers are able to delete files, view private information, and install unwanted programs. According to Pats, this vulnerability has existed in the Linux kernel since 2012.

Pats said that the Linux team has been notified, and patches should be available and pushed out soon to devices with automatic updates. Perception Point has also created proof of concept code that exploits this vulnerability to gain root access. So far, Pats said, no exploits have been observed in the wild that take advantage of this vulnerability.

That may change, however, as news of the vulnerability spreads and some devices take longer to be patched than others. "We recommend that security teams examine potentially affected devices and implement patches as soon as possible," the company said. According to Pats, the vulnerability is related to the keyrings facility, a way for drivers to save security data, authentication keys, and encryption keys in the kernel.

The new keyrings vulnerability is currently known only by its identification number, CVE-2016-0728. The new vulnerability disclosure comes on the heels of of a whole batch of Android vulnerabilities that Google fixed just last week, including several kernel privilege escalation vulnerabilities. Five of the critical vulnerabilities patched were related to bugs in the kernel drivers or the kernel itself.

Google does not allow applications that root Android devices to be distributed through the Google Play store, but some slip through the vetting process -- or are downloaded through unofficial app stores. Some users deliberately root their phones in order to gain capabilities not typically available on Android.

Tags:
Linux Android information leaks
Source:
CSO Online
2059
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015