A recent report from Perception Point claims that a vulnerability in the Linux kernel could affect millions of devices. Here's what you need to know.
Image: iStockphoto/frentusha |
Security firm
Perception Point recently discovered a privilege escalation vulnerability in
the Linux kernel that has gone unchecked since 2012.
On Tuesday, the Perception Point research team penned a blog post explaining the bug and walking through their proof-of-concept exploit, as well as
noting that the bug had been reported to those maintaining the kernel.
The bug, listed by Perception Point as CVE-2016-0728, affects the
keyring facility in Linux Kernel version 3.8 and higher. The problem is that it
allows drivers to retain and cache encryption and authentication keys, as well
as other security data in the kernel. Due to the sensitive nature of what it
holds, the keyring facility is supposed to be inaccessible by other user-space
applications.
Basically, what this means is that a user or application without proper
permissions may still be able to gain access to root.
Being that the Linux kernel is the foundational piece of all Linux-based
operating systems, including Android, the implications are huge.
According to the blog post: "As of the date of disclosure, this
vulnerability has implications for approximately tens of millions of Linux PCs
and servers, and 66 percent of all Android devices (phones/tablets)."
Hopefully, a security patch will be released soon. If you are a Linux
user, make sure you update your kernel as soon as you can to protect against
this vulnerability.
For Android users, the bug affects Android version 4.4 (KitKat) and
later. Currently, that covers 69.4% of all Android devices, although the number was originally listed by Perception Point as 66%.
The implications for Android users are that, if exploited, the bug could
allow another application to take over core OS functions on your device—not
good. The problem is further compounded by the fragmentation of the Android ecosystem, and the often difficult process of receiving updates. Google finally
rolled out a plan for monthly Android updates back in August 2015, but that still doesn't account for the
plethora of obstacles and delays that come from specific vendors.
There is a silver lining to all this, though. According to Perception
Point, neither their research team, nor the Kernel security team have seen any
known exploit "targeting this vulnerability in the wild." However,
the research team did recommend that security teams take a look at any devices
in their portfolio that could have been affected and respond immediately.
~ Conner Forrest
0 comments:
Post a Comment