The security company that this week made a public vulnerability in Linux and suggested that too was vulnerable 66% of Android devices, Google has not informed in advance. Adrian Ludwig pose of the Android development team. Also, the number of vulnerable Android devices, according to him is much lower.
Beveiligingsbedrijf Perception Point had discovered a vulnerability in the Linux kernel which allows a local attacker can gain root privileges on the system. In order to exploit the vulnerability an attacker must have local access to the system, or, for example, there must be a malicious application to be installed. The problem arose in Linux kernel 3.8 and later.
Although software developer Red Hat have previously been informed of the vulnerability, the Android development team was told nothing. Ludwig says that Google has now developed a patch that was distributed among partners. “This patch is required for all devices with a patch level of March 1, 2016 or later,” as Ludwig says. He also notes that many Android devices less vulnerable than Perception Point says.
Thus, Nexus handsets can not be attacked via the vulnerability by third party applications. Also, devices with Android 5.0 and protected thanks to Android SELinux. Furthermore, would also many devices with Android 4.4 and above do not contain the vulnerable code. The vulnerability was in fact introduced in Linux kernel 3.8, and these newer Linux kernels are not common on older Android devices.
No comments:
Post a Comment