Zero-day flaw in Linux: At risk millions of PCs, Servers and Android device

Zero-day flaw in Linux: at risk millions of PCs, Servers and Android device. Discovered a new zero-day flaw present from version 3.8 of the Linux kernel. It allows you to unlock root permissions on PCs, smartphones and embedded devices.

For nearly three years, millions of servers and devices usually based on Linux kernel have been vulnerable to attacks that would allow for an app without privileges or a third party to obtain an almost complete control of the machine. Expects a fix by the end of the week, the difficulty in issuing updates typical of Android, also based on Linux, could leave phones and embedded devices be vulnerable for long periods.

The flaw was introduced on Linux version 3.8 released in early 2013. He resides in the OS keychain, the functionality required to store the encryption keys, tokens for authentication and other sensitive data in a completely secure, so that other applications installed on the system can access its content. To have revealed the existence of the vulnerability was the Perception Point signature, which has already spread to the specifications of the exploit the community of Linux developers.

The zero-day vulnerability is exploited in a wide choice of configurations: PCs and Linux servers, Android smartphone.

A bug of this type on the Linux kernel is of considerable magnitude since it can be exploited in a variety of configurations. On servers who has local access can exploit to get root permissions on the system. On smartphones with KitKat and later can allow malicious app to break into security sandboxes and receive the opportunity to check the most remote and critical operating system functions. The flaw can also be exploited on small devices based on embedded Linux.

Although there are measures to prevent or make more difficult, the execution of the exploit taking advantage of the new zero-day flaw, such as the prevention of access to the supervisor mode on servers or the latest safety mode on Android, it is protections that can still be circumvented according to researchers at security company.

” At the time of writing this vulnerability involves approximately tens of millions of Linux PCs and servers and 66% of all Android devices, whether smartphones or tablets, ” the researchers said Perception Point on the official blog. ” Although none of our team observed actually active exploits that take advantage of this vulnerability, it is recommended that experts examine the security the potentially affected devices, releasing security patches as soon as possible. ”

In the past, the distribution channels of malware focused their attention primarily on Windows, by far the most widely used in many consumer and enterprise categories. Over time, it has been paid more and more attention to competing platforms, with multiple malware also released Linux and Android mainly directed to the theft of sensitive data.

A vulnerability as that revealed by Perception Point leaves uncovered the possibility of developing potentially very harmful malware, especially if you release a fix in time by the various manufacturers and distributors of hardware.

The bug is indexed as CVE-2016-0728 and many Linux distributions should release security patches by next Thursday.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More