A critical zero-day vulnerability has been discovered in the Linux kernel recently. This vulnerability could allow attackers to gain root level access on any Linux platform (including Android) by running a malicious application on an affected device.
How Was The Vulnerability Found?
A startup called Perception Point discovered the critical Linux kernel flaw labelled CVE-2016-0728. The scientists at Perception Point believe that the vulnerability existed in the code since 2012.
So what does it do exactly? In a nutshell, it affects any operating system with Linux kernel 3.8 and higher. That being said, there are millions of devices and machines out there that are running higher versions.
Furthermore, it does not matter if the device or machine is running a 32 bit or 64 bit operating system, because the vulnerability exists on all systems running the affected Linux kernel. Naturally, there are several millions devices out in the open that are running previous Android updates and those running KitKat and higher account for approximately 66 percent of all devices, meaning that such devices are also exposed to the serious Linux kernel flaw.
If An Attacker Took Advantage Of The Vulnerability?
For starters, there is not a lot of effort the attacker has to take in order to begin the exploitation process because all they require is local access on a Linux server. If the vulnerability has been successfully exploited, it can possibly allow attackers to get root access to the operating system, which will enable them to view all sorts of information. Additionally, while the attackers have gained root access, they will also be able to carry out other tasks like deleting sensitive files or installing malicious applications that can have terrible results.
It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine. With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon the patch is out. – Yevgeny Pats, co-founder and CEO at Perception Point
Despite the fact that flaws in Linux kernel are patched as soon as they are found, the zero-day vulnerability recently discovered in the Linux kernel made its way for almost 3 years. However, researchers have said that no exploits have been discovered as of yet that will let attackers take advantage of their evil intent, but it is always better to be safe than sorry. This is the reason why the news has already reached the Linux team, and patches are expected to roll out with automatic updates. The only problem right now is that it might take a little longer on Android devices to receive the patch, since most updates are not rolled out automatically by manufacturers and carriers.
I love iPhone peeple aaenge ab is post pe beshumaar.
We are talking about the operating system that (almost) powers the Internet. If you think of it in this way, iphones and osx look puny.
Acha bhai!
I’d like to see your reaction when a similar flaw is found in the BSD Kernel. This article is about the core component of many operating systems, not about devices.
“Understanding sarcasm is not a piece of cake.”
Proved again!
“Too many people try so hard to be sarcastic” :)
Agreed!
This vulnerability can only be exploited by local users or applications in android’s case. Which makes it less prone to attacks.
Also, all major linux distributions has published patches to fix this.
The author should have provided more details as to how this exploit works and how it will affect Android and other linux distribution users.
they will never do this because majority of the users would go in wrong way instead of learning and taking it positive… so let it to be covered….
Man, nothing is perfect. Everything made by man is flawed.