Google Fixes Kernel Vulnerability

Google Fixes Kernel Vulnerability

Google has began patching a security flaw in the Linux kernel that was discovered two years ago. It’s allowing users to gain full root access. Per Computer World, “Google has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus 5 and Nexus 6 to provide the device user with root privileges.” All unpatched Android phones are affected by this flaw.

The Register added that “On February 19, 2016, C0RE Team notified Google that the issue could be exploited on Android and a patch was developed to be included in an upcoming regularly scheduled monthly update.”

When news was received that Google was releasing an emergency patch, it was believed to have addressed the potential new Stagefright flaw, but eWeek and other publications have confirmed that it was to fix the Linux kernel vulnerability.

Our Analysis

Rooting allows Android users to bypass the security restrictions enforced by Android and take full control of their devices. It’s also used to removed bloatware that is added if your device is on a network such as Verizon or AT&T. The main priority for most in regards to rooting is to take control of device and flash ROMs, like Android Marshmallow early before their device is set to receive it over the air. However rooting is also abused by malware. This is mostly done when downloading apps through third-party applications.

It’s great that Google is releasing emergency patches to address security flaws, but it’s also disheartening to see that it took over two years before this came about. Google has shared the patches to device manufacturers and have been published to the Android Open Source Project (AOSP). It is best practice to leave the current Operating System that comes “stock” on your device and download all updates through your carrier when present. It’s also best to download all of your apps through the Google Play store while having the Verify Apps setting turned on.

Other APS Posts

Ransomware Hits Mac Computers
Tesla and Chrysler (unrelated to each other)
U.S. Office of Personnel Management (OPM)
Ashley Madison
Ashley Madison (follow up)


Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.

If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.

References

The Register
eWeek
Computer World


Enter your email address:


Delivered by FeedBurner


Subscribe to our mailing list

* indicates required







About Scott Entsminger

Scott Entsminger was born and raised in Virginia. He graduated from Radford University with a Bachelor’s of Science in Criminal Justice. Scott has worked for the Department of Defense since graduating college. He is an expert in Windows Administration; with specific experience in Group Policy and vulnerability remediation. He also has specific experience in Information Assurance (IA) and Cyber Security.

Scott holds the CompTIA Security+ certification. He is always looking to diversify his skillset. Scott is an avid sports fan, particularly baseball. He also is an avid gamer and enjoys learning different skills involving his PC.