We, along with many other websites, reported that a new Linux kernel flaw could make millions of Android devices vulnerable to attack if not patched immediately. We’re finding out today that the data released was not correct and most Android users need not worry about this flaw as most devices do not use the affected Linux kernel version. However, Google has whipped up a patch and released it to all OEM’s just in case they are running this version of the Linux kernel. The interesting thing is, the company that found the flaw contacted Red Hat and other Linux distributions about it but not the Android security team. The company included Android in its data of affected devices but didn’t bother to alert the team responsible for Android security — which is odd.
The privilege escalation vulnerability allows attackers to gain full control over Linux-based systems if they have access to a limited account or trick users into running a malicious application. It was found by researchers from Israeli threat defense start-up Perception Point.
“Many devices running Android 4.4 and earlier do not contain the vulnerable code introduced in Linux kernel 3.8, as those newer kernel versions [are] not common on older Android devices,” he said in a blog post.
The Android SELinux policy in these versions prevents third-party applications from reaching the affected code, he said, adding that none of Google’s Nexus devices are affected either.
Basically most everyone should be safe, there may be a handful of issues with some devices here and there, but it’s looking like overall there shouldn’t be many — if any — issues. We’ve also gotten word through social media that most all other Linux flavors are patched or are in process of being patched so this flaw should be short lived with little to no damage done. The bigger picture though is that this serves as an example that no OS is safe. Flaws can be found in all operating systems and criminals are trying to exploit everything these days so it’s best to remain vigilant and safe no matter what system you use.