Google issues an urgent correction and prohibits rooting applications from Google Play, but millions of Android smartphones are at risk from this rooting bug.
A bug discovered by 2014 has caused Google engineers sleepless nights as Google tries to eliminate rooting applications exploiting an unpatched Linux kernel bug affecting all Android devices. The bug puts millions of phones at risk, including the entire series of Nexus models, and allows hackers to run malicious code and take control of key operations almost permanently.
The defect, which is mainly a vulnerability of the Linux kernel, allows applications to obtain almost unlimited root access that bypasses the entire Android security mechanism. The error discovered by 2014 can be exploited by a local attacker who can gain privileges in affected systems. The programmers Linux the vulnerability of 2014 was repaired, but smartphones that were also vulnerable to the same vulnerability were never repaired.
The bug appeared again in 2015, and the CVE-2015-1805 Vulnerability ID was given in February of 2015. Google has tried to tackle and prohibit root-based apps available on Google Play that can easily exploit vulnerability. According to a counseling on Friday, anonymous rooting applications can lead to a permanent compromise of the device.
[button type = »link» link = »https://secnews.gr/102196/android-trojan-flash-player-kleboun-diapisteutiria/» size = »btn-big» variation = »btn-success»] Android Trojan and Flash Player steal credentials [/ button]
Google was forced to release the emergency patch after researchers from the security firm Zimperium reported last week that the bug had affected a Nexus 5. Google then confirmed that a rooting application available to the public could also endanger Nexus 6.
The company also updated the security feature in Android Verify apps to crawl root applications. Google notes that it did not see rooting applications being used for exploitation that is considered malicious. To endanger a device, the user must install the rooting application manually.
[button type = »link» link = »https://secnews.gr/102419/google-microsoft-yahoo-email-encryption/» size = »btn-big» variation = »btn-danger»] Google-Microsoft- Yahoo unites their forces for safer email [/ button]
Google also released a patch for other Android mobile manufacturers like LG, Samsung, HTC etc. and has also released repair for vulnerable kernels in the Open Source Android program.