Google Fixes Kernel Vulnerability
Google has began patching a security flaw in the Linux kernel that was discovered two years ago. It’s allowing users to gain full root access. Per Computer World, “Google has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus 5 and Nexus 6 to provide the device user with root privileges.” All unpatched Android phones are affected by this flaw.
The Register added that “On February 19, 2016, C0RE Team notified Google that the issue could be exploited on Android and a patch was developed to be included in an upcoming regularly scheduled monthly update.”
When news was received that Google was releasing an emergency patch, it was believed to have addressed the potential new Stagefright flaw, but eWeek and other publications have confirmed that it was to fix the Linux kernel vulnerability.
Rooting allows Android users to bypass the security restrictions enforced by Android and take full control of their devices. It’s also used to removed bloatware that is added if your device is on a network such as Verizon or AT&T. The main priority for most in regards to rooting is to take control of device and flash ROMs, like Android Marshmallow early before their device is set to receive it over the air. However rooting is also abused by malware. This is mostly done when downloading apps through third-party applications.
It’s great that Google is releasing emergency patches to address security flaws, but it’s also disheartening to see that it took over two years before this came about. Google has shared the patches to device manufacturers and have been published to the Android Open Source Project (AOSP). It is best practice to leave the current Operating System that comes “stock” on your device and download all updates through your carrier when present. It’s also best to download all of your apps through the Google Play store while having the Verify Apps setting turned on.
Other APS Posts
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
Be sure to subscribe to this blog and to our Podcast.
If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.