Google Acknowledges Vulnerability in Millions of Android Devices; Promises Fix


Millions of Android smartphones and tablets are vulnerable to security attacks, Google has warned. The vulnerability, if exploited, gives an app unfettered root access, circumventing various Android security layers. The Mountain View-based company has made available a patch to OEMs, and says it is currently working on a fix for the Nexus lineup.

Security researchers spotted an app in Google Play, Android's marquee app store, that tries to leverage the vulnerability. Android inherited the flaw from Linux years ago. Interestingly, Linux developers fixed the bug in 2014, and it was later flagged as a vulnerability - identified as CVE-2015-1805 - early last year.

The vulnerability is present in all Android releases that are based on Linux kernel version 3.4, 3.10, or 3.14. Android versions based on Linux kernel 3.18 or higher aren't affected, Google assures. Most Android 6.0 Marshmallow-based devices run on Linux kernel v3.18; however, different OEMs often use different Linux kernel versions, so it is hard to correlate Android version with kernel version.

Google acknowledged the existence of the vulnerability in an advisory it sent last week. "An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel. This issue is rated as a critical severity due to the possibility of a local permanent device compromise and the device would possibly need to be repaired by re-flashing the operating system," the note reads.

Google didn't disclose the name of the app, though it noted that the offending app was available from Google Play as well as third-party sources, and that Nexus 6 and Nexus 5 smartphones were affected. It also noted that it has shared the patches for the flaw with OEMs and published them to the Android Open Source Project. It is now up to manufacturers how long they take to push the updates to their respective devices.


Gadgets 360 Staff

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.