photo lineviral_1.png
» » Android Vulnerability Allows Attackers Rootage Access

Android Vulnerability Allows Attackers Rootage Access

In an Android Security Advisory issued on March 18th, Google revealed it was notified of at to the lowest degree i unidentified rooting app available inwards Google Play as well as third-party marketplaces using a local elevation of privilege vulnerability inwards the Linux heart as well as person of Android devices. This Android vulnerability advisory was published but earlier FBI hacked iPhone using an unknown vulnerability.


Google advisory states:


Google has croak aware of a rooting application using an unpatched local elevation of privilege vulnerability inwards the heart as well as person on roughly Android devices (CVE-2015-1805). For this application to touching on a device, the user must outset install it. Google already blocks installation of rooting applications that purpose this vulnerability both inside Google Play as well as exterior of Google Play using Verify Apps, as well as convey updated our systems to respect applications that purpose this specific vulnerability.


In an Android Security Advisory issued on March Android vulnerability allows attackers rootage accessTo render a in conclusion layer of defense strength for this issue, partners were provided alongside a piece for this lawsuit on March 16, 2016. Nexus updates are existence created as well as volition survive released inside a few days. Source code patches for this lawsuit convey been released to the Android Open Source Project (AOSP) repository.


This Android vulnerability exists inwards all Android devices that purpose Linux heart as well as person versions 3.4, 3.10, as well as 3.14, which includes Google’s ain Nexus trouble of smartphones.


While the põrnikas was fixed inwards Apr 2014, Google said it wasn’t aware the vulnerability was a safety lawsuit until in conclusion month, when Core Team researchers notified the companionship the põrnikas could survive exploited on Android.


On March 15, 2016 Google received a study from Zimperium that this vulnerability had been abused on a Nexus five device. Google has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus five as well as Nexus six to render the device user alongside rootage privileges.


Mitigations


The next are mitigations that cut down the likelihood users are impacted past times this issue:



  • Verify Apps has been updated to block the installation of applications that nosotros convey learned are attempting to exploit this Android vulnerability both inside as well as exterior of Google Play.

  • Google Play does non let rooting applications, similar the i seeking to exploit this issue.

  • Android devices using Linux heart as well as person version 3.18 or higher are non vulnerable.


Acknowledgements


Android would similar to give cheers the C0RE Team as well as Zimperium for their contributions to this advisory.


Buat lebih berguna, kongsi:
close