UPDATE: Linux bug puts tens of millions of PCs and Android devices at risk
Good news for all Android users: Google has already a patch ready. According to Adrian Ludwig they “[…] have prepared a patch, which has been released to open source and provided to partners today. This patch will be required on all devices with a security patch level of March 1 2016 or greater.”
But that’s not all. Ludwig also states that they “believe that no Nexus devices are vulnerable to exploitation by 3rd party applications. Further, devices with Android 5.0 and above are protected, as the Android SELinux policy prevents 3rd party applications from reaching the affected code. Also, many devices running Android 4.4 and earlier do not contain the vulnerable code introduced in linux kernel 3.8, as those newer kernel versions not common on older Android devices.”
So the Android devices out there might be more of less safe after all.
CVE-2016-0728 sounds long and bulky and most people probably wouldn’t know what this string of random letters and numbers stands for.
While it looks rather innocent it actually isn’t. Behind the harmless string hides the brutal reality: A Linux bug that has been present in the operating system for almost three years and that can be used by cybercriminals to gain almost complete control of your device. The worst: It could not only affect millions of PCs but also more than 65% of all Android devices. I’m sure that if you weren’t worried before, you sure as heck are now.
The flaw itself resides in the operating system’s keyring – a feature that allows different application to store stuff like authentication apps, encryption keys, and other sensitive information. Thanks to the bug hackers could replace an item from said keyring with some other code which then would be executed by the kernel. Now let your imagination run rampant and think about what this could be used for!
The good news – according to the researchers at Perception Point, who discovered the bug – is that “neither us nor the Kernel security team have observed any exploit targeting this vulnerability in the wild.” They recommend that security teams examine potentially affected devices and implement patches as soon as possible though.
According to The Register patches have been issued for the following affected distributions already:
- Red Hat Enterprise Linux 7.
- CentOS Linux 7.
- Scientific Linux 7.
- Debian Linux 8.x (jessie) and 9.x (stretch).
- SUSE Enterprise 12 (desktop, server and workstation flavours).
- Ubuntu 14.04 LTS (Trusty Tahr), 15.04 (Vivid Vervet), and 15.10 (Wily Werewolf).
- OpenSUSE Linux LEAP and 13.2.