Google Warns Of Vulnerability In Many Android Devices
Google has warned that millions of Android smartphones and tablets are vulnerable to security attacks. Android usually maintains a monthly security patch schedule, but Google has released an out-of-cycle fix for a serious vulnerability that affects a majority of devices. The company is working on a security update for Nexus devices and has released the patch for other OEMs to implement.
Google has admitted the existence of the vulnerability in a statement last week. The vulnerability is present in all Android releases that are based on Linux kernel version 3.4, or 3.10, or 3.14. Android versions based on Linux kernel 3.18 or higher aren’t affected, Google assures. Most Android 6.0 Marshmallow-based devices run on kinux Kernel v3.18, however, different OEMs often use different Linux kernel versions - thus, it is hard to correlate Android version with kernel version.
”An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel,” the note reads.
Google didn’t disclose the name of the app, though it noted that the offending app was available from Google Play as well as third-party sources, and Nexus 6 and Nexus 5 smartphones were affected.
Google originally intended to patch up the issue with an upcoming security patch, but a third-party security firm was able to abuse the vulnerability on a Nexus 5. Since then, a rooting app for the Nexus 5 and 6 that abuses the vulnerability has been made publicly available.
This issue is rated critical in severity due to its ability to execute arbitrary code “leading to local permanent device compromise.” Google notes that affected users would have to reflash the entire operating system, thereby losing their data, to fix the issue. In such a scenario, an individual could still be tricked into manually installing the app.
Google will release a security update in the coming days to Nexus devices, while it will be up to OEMs to implement the fix as soon as possible, the company said.
- Know Before Getting Your Cloud Architecture In Shape
- CISOs Should Help In Building Digital Trust With Consumers, Says Study
- Here's Why The Voice-First Strategy Will Rule
- Global Device Shipments To See Flat Growth This Year: Gartner
- Battling Cyber Risks With Intelligent Automation
- Ensuring A Secured Blockchain Ecosystem
- Here's What Businesses Without HTTPS Should Know This July
- Cyber GCCs In India At The Cusp Of Transformation
- What Google's Foray Into E-Commerce Means For India
- Have We Learnt A Lesson From Facebook-Cambridge Analytica Crisis?