Linux zero-day affects most Androids, millions of Linux PCs

19.01.2016
A new zero-day vulnerability has been discovered that allows Android or Linux applications to escalate privileges and gain root access, according to a report released this morning by Perception Point.

"This affects all Android phones KitKat and higher," said Yevgeny Pats, co-founder and CEO at security vendor Perception Point.

Any machine with Linux Kernel 3.8 or higher is vulnerable, he said, including tens of millions of Linux PCs and servers, both 32-bit and 64-bit. Although Linux lags in popularity on the desktop, the operating system dominates the Internet, mobile, embedded systems and the Internet of Things, and powers nearly all of the world's supercomputers.

Using this vulnerability, attackers are able to delete files, view private information, and install unwanted programs.

According to Pats, this vulnerability has existed in the Linux kernel since 2012.

Pats said that the Linux team has been notified, and patches should be available and pushed out soon to devices with automatic updates. Perception Point has also created proof of concept code that exploits this vulnerability to gain root access.

So far, Pats said, no exploits have been observed in the wild that take advantage of this vulnerability.

That may change, however, as news of the vulnerability spreads and some devices take longer to be patched than others.

"We recommend that security teams examine potentially affected devices and implement patches as soon as possible," the company said.

According to Pats, the vulnerability is related to the keyrings facility, a way for drivers to save security data, authentication keys, and encryption keys in the kernel.

The new keyrings vulnerability is currently known only by its identification number, CVE-2016-0728.

The new vulnerability disclosure comes on the heels of of a whole batch of Android vulnerabilities that Google fixed just last week, including several kernel privilege escalation vulnerabilities. Five of the critical vulnerabilities patched were related to bugs in the kernel drivers or the kernel itself.

Google does not allow applications that root Android devices to be distributed through the Google Play store, but some slip through the vetting process -- or are downloaded through unofficial app stores. Some users deliberately root their phones in order to gain capabilities not typically available on Android.

(www.csoonline.com)

Maria Korolov