Users of Android mobile devices and Linux-based computers have had three years of risky experience with their devices as security researchers at Perception Point discovered a critical vulnerability in the Linux kernel that attackers could have used to their advantage to penetrate those devices.
The Linux vulnerability was caused by an anomaly in what is called the kernel keyring facility and has enabled applications that operate under a local user to perform code execution in the Linux kernel. This has allowed any attacker who has access to a number of accounts on a Linux environment to expand their authority and root the device.
As the foundation of all operating systems built based on Linux, the Linux kernel’s keyring storage hides sensitive data like authentication and encryption within the facility in order to protect it from other users who have no authority to gain access to it.
According to the Perception Point researchers, they were able to determine a tricky path toward overwriting a keyring object with malicious files in order to execute the object after setting it free from its state as a still-referenced object. This vulnerability began to manifest itself in the version 3.8 of kernel, according to the researchers.
Although Linux plans to release updates intended to fix the vulnerability in its kernel, there will remain a number of related flaws such that automatic updates will be disabled on several Linux-based servers. One way to avoid getting tangled in such a dilemma is for system administrators to assess whether or not an update must be deployed. It will also prevent delays in critical software patches.
While Android devices are the most commonly known victims of this flaw, all other Linux-based architectures are in fact as much affected. If your system runs the kernel version that has been released more than three years ago, you are certainly exposed to attacks due to this flaw.
In the case of Android, affected versions include the Android 4.4 KitKat and later iterations of Google’s mobile operating system. That means nearly 7 out of 10 Android users are affected by the vulnerability.
And there is a lingering problem for users who wish to get immediate patches for any security flaws. Android has been known to have a massively diverse ecosystem, thus making it hard to roll out updates fast. Many users of Android will likely never get a patch for this particular vulnerability because of the fragmentation in Android, according to security researchers. That is so because majority of Android devices get software updates only for the first 18 months before these handsets are detached permanently from the support system.
Leave a Reply