Jan 25, 2016 01:38 AM EST
After news of the Linux zero-day vulnerability came out and caused waves of alarm to reverberate throughout the tech world, Google has responded: It is now working on a patch that will be rolled out across all Android devices on March 1. Moreover, Adrian Ludwig, with a G+ post published in behalf of the Android Security Team, communicated that they believe that there’s a smaller percentage of Android devices affected.
The post from Adrian Ludgwig’s Google+ Account: https://plus.google.com/u/1/+AdrianLudwig/posts/KxHcLPgSPoY
Truth be told, The Register’s take on the matter may actually be correct: The current hardware used on Androids may not even be capable enough for a potential hacker to create as much data cycles as needed to get to exploit that vulnerability. What is more is that such an exploit may require that the potential hacker would have physical access to the device, and that’s not exactly such a probable thing, unless, of course, someone manages to develop a very sophisticated malware program that can be deployed remotely and will be able to impose as many cycles as 4,294,967,296 system calls on an Android.
By the time someone figures out how to code that, the Android Security Team may have already rolled out and applied the patch to Androids across the world.
The Register UK’s take on the CVE-2016-0728: http://www.theregister.co.uk/2016/01/19/linux_kernel_keyrings_get_privilege_escalation_patch/
On the other hand, an onlooker may find it off-putting that the Android Security Team at Google was rather defensive in its response. Engadget reported, in no uncertain terms, that “Google, […] fired back strongly at the claim.” The tech central also communicated its inference that Google may have done so “[…]Particularly because it wasn't given the usual window to address the flaw before it was publicly released.”
Whether that’s an accurate estimation of why Google “fired back strongly” or just a pure speculation on Engadget’s part is a moot argument, really. The fact remains that Google’s Android Security Team was caught off guard, and the report of the flaw went to press before it could craft a more diplomatic response, or one that reassures the public that they’re working on the task already.
In any case, there is a point from Adrian Ludwig’s G+ post that must not be missed: “[…]Many devices running Android 4.4 and earlier do not contain the vulnerable code introduced in Linux kernel 3.8, as those newer kernel versions not common on older Android devices.”
Hopefully that part of Adrian Ludwig’s statement was not just released to appease concerned tech pundits, developers and end users alike. Hopefully they’re telling the truth and that their statement, “No Nexus devices are vulnerable to exploitation by 3rd party applications,” is also true.
The previous Droid Report on the CVE-2016-0728: http://www.droidreport.com/alarming-discovery-linux-bug-allows-access-root-bug-may-affect-android-phones-12394
The Engadget report on Google/The Android Security Team’s reaction: http://www.engadget.com/2016/01/21/google-denies-linux-flaw-is-a-serious-android-security-issue/
Jul 16, 2017
1. Jul 16, 2017
2. Jul 13, 2017
AMD Radeon RX Vega News, Update: 3 Variants Vega XTX, Vega XT and Vega XL Release Confirmed This Month
3. Jul 13, 2017
Samsung Galaxy Note 8 Releasing On August 23, Korean Sources Claim
4. Jul 13, 2017
Android Wear 2.0 Rolls Out To Asus Zenwatch 3
1. Jul 07, 2017
OnePlus 5 Latest Oxygen OS 4.5.5 Update Improves WiFi Stability, Improve Voice Calling & More
2. Jul 07, 2017
Apple To Launch Only OLED iPhones Starting 2018, Claims Report
3. Jul 07, 2017
BlackBerry Rolls Out July Android Security Update To BlackBerry Smartphones
4. Jul 07, 2017
Xiaomi Mi Mix 2 Featuring Snapdragon 835 & 6GB RAM Appeared on Geekbench, Specs and Features