Symantec today announced that a Linux kernel exploit enabling scaling user privileges has been ported to Android. The vulnerability in question unfolded on May 14 and affected numerous Linux distributions using kernel 2.6. x.
Red Hat, Canonical and other distributions have patched vulnerabilities in Linux but Symantec has just confirmed that the exploit has been ported to Android and affects all the smartphones that use previous versions of Jelly Bean.
The vulnerability of the Linux kernel is known as CVE-2013 – 2094 and allows scaling of privileges. In the words of Symantec:
“The Android operating system normally executes applications in sandbox mode so it can not perform hazardous system operations or interfere with other installed applications.” “In the past, we have seen how malware using exploits escalated privileges to access data from other applications, prevent uninstalls, hide and also bypass Android permissions model and allow behavior such as sending SMS messages without authorization from the user premium”
Although Symantec has made it clear that the vulnerability affecting the Linux 2.6 kernel, the firm does not comment on the versions affected the mutated version of the exploit for Android.
The recommendation Symantec is to adhere to official sources of applications, like Google Play and avoid questionable security sources.
Ubuntu GNOME 14.04.2 LTS Lands with New Kernel and Lots of …
Website of Major Japanese Publisher Hacked, Visitors …