A Linux flaw that has been creeping around for nearly three years allows unprivileged apps or users to gain root access to Linux devices. According to Ars Technica UK, this major flaw is finally going to be patched, but that may take some time given the variety of devices it affects. Android phones and embedded devices usually take longer to patch, and some may never see a fix. Usually we’re talking about the latest Windows, OS X, Android or iOS flaws because Linux has generally not been in the spotlight, but that is changing. Malware creators are now unfurling their blanket to cover pretty much all OSes, and Linux is a good target since it is heavily used by government, schools and banks.
The flaw, which was introduced into the Linux kernel in version 3.8, released in early 2013, resides in the OS keyring. The facility allows apps to store encryption keys, authentication tokens, and other sensitive security data inside the kernel while keeping that data in a form that can’t be accessed by other apps.
“As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets),” Perception Point researchers wrote. “While neither us nor the Kernel security team have observed any exploit targeting this vulnerability in the wild, we recommend that security teams examine potentially affected devices and implement patches as soon as possible.”
Linux PCs and servers should hopefully see the fix sooner rather than later; it’s the Android phones and tablets that consumers might be worried about. OEMs like Samsung, HTC, LG, Sony and others haven’t been well known for pushing out updates to phones in a timely manner. Older phones and tablets are even more concerning, as the OEMs pretty much ignore those entirely, leaving most of them vulnerable.
What do you think of this Linux flaw? Are you a Linux guru? If so, what do you have to add to this conversation? Is there more to consider here? Please comment below with your thoughts or on Google+, Facebook and Twitter.
Source: Ars Technica UK