Last there is information about serious error in the Linux kernel. Google quickly issued a patch for Android, which has provided device manufacturers. Certainly the air of weeks before device manufacturers make available updates containing the amendment. Google says that this is not a serious threat because the error does not apply to the majority of Android devices.
Error allows increased powers, which allow an attacker to take control of systems-based on the Linux kernel. The attack is possible to carry out, if the attacker has available a user account with limited privileges or launch malicious application on the vulnerable system. The threat is detected by Perception Point, dealing with security. The researchers informed about the error developer responsible for the Linux kernel and Red Hat on Tuesday (01/19/2016). Not contacted while Android security team, despite the fact that about 66% of all Android devices were potentially affected. Determining the amount susceptible to the vulnerability of devices it was based on the fact that the bug affects all versions of Linux that contain kernel since version 3.8. Holes kernel to be used on Android version 4.4 (KitKat).
See also:
In most products Android, used by the device version of the kernel, more It depends on the choice of the manufacturer, than the installed version. Manufacturers do not always update the kernel, where create software based on newer versions of Android, especially for older versions of devices. Adrian Ludwig (chief safety engineer Android) argues that many Android devices 4.4 and earlier does not contain incorrect code is entered into the kernel 3.8. On the other hand, devices based on Android 5.0 (Lollipop) and newer are considered safe, even if you use the affected kernel. Security is provided by the module implemented SELinux (Security-Enhanced Linux). SELinux will prevent hostile use of the application error. According to Ludwig, none of the Google Nexus device is not vulnerable to the threat selected.
But opinion opposed to version Point Perception researchers who talk about being able to avoid SELinux security. Likewise, experts say Red Hat, who published a document confirming the lack of protection using SELinux. In addition, the document shows the possible ways to protect against the threat.
Google provided the information that the amendment to the indicated susceptibility will be required on all Android devices from 1 March 2016.
Subscribe to the Computerworld
Order now for free “
No comments:
Post a Comment