You Are Here: Home » Industry News » Linux bug to put millions of PCs and Android devices at risk

Linux bug to put millions of PCs and Android devices at risk

A four-year zero-day vulnerability in the Linux kernel offers full control of tens of millions of Linux PCs and 66 percent of all Android devices, according to news reports.

cve_2016_0728

Source: Perception Point

The CVE-2016-0728 flaw, introduced into the Linux kernel in version 3.8 of 2013, is caused by a leak in the OS keyring utility. This is responsible for retaining security data – authentication keys and encryption data in the kernel. By replacing a keyring object stored in memory, researchers have managed to exploit it to achieve complete root access.

On smartphones running Android KitKat and higher, the vulnerability can allow a malicious app to escape the security sandbox and gain control of underlying OS functions. It can also be exploited on devices and appliances running embedded versions of Linux.

And that is serious. Linux is used in the vast majority of systems used for Internet, mobile, embedded systems and the Internet of Things, and powers nearly all of the world’s supercomputers. Once an attacker is able to exploit this vulnerability, he can delete files, view private information, and install unwanted programs, including malware.

Existing security protections for many servers make exploits harder to implement, but there are still ways to bypass them.

“While neither us nor the Kernel security team have observed any exploit targeting this vulnerability in the wild, we recommend that security teams examine potentially affected devices and implement patches as soon as possible,” said researchers at Perception Point.

A patch for the vulnerability “should already be in preparation for Linux distributions,” according to a statement published on Linux.com.

About The Author

Security Specialist

Alexandra started writing about IT at the dawn of the decade – when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers’ mouse scrolls. Alexandra is also a social media enthusiast who `likes’ only what she likes and LOLs only when she laughs out loud.

Number of Entries : 238

Leave a Comment

© 2012 Powered By Bitdefender

Scroll to top