Google recently issued a statement acknowledging that millions of Android tablets and smartphones are vulnerable to a security flaw. The vulnerability can give any app unchecked root access, bypassing every security layer. Google has released a patch to OEMs and is currently working on a fix for the Nexus devices.
Security researchers even spotted an app on Google Play that was exploiting this vulnerability. Android inherited the flaw years ago from Linux, which resolved the issue back in 2014 and flagged it as a vulnerability last year, when it was named CVE-2015-1805.
The vulnerability is present on all Android devices based on Linux kernel version 3.4, 3.10 or 3.14. Google has, however, assured users that Android versions based on Linux kernel 3.18 or higher are safe. Most Android Marshmallow devices run on Linux kernel v3.18, but different OEMs base their Android builds on different kernel versions, so it is difficult to say accurately which Android version is based on which Linux kernel version.
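Because the Android version does not reveal the kernel branch, a fleet has to be triaged on the kernel release string itself. The script below is an added example, not code from Google or from the original article: it sorts `uname -r` strings into the branches named above, and "affected" only means the device sits on a named branch and its patch status still needs confirming with the manufacturer. The function names, verdict labels and sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage kernel release strings against the branches the
# article names for CVE-2015-1805. Release strings come from `uname -r`
# on each device (for example via `adb shell uname -r`).

# Prints one of: affected, not-affected, unlisted, unparseable.
classify_kernel() {
    rel=$1
    case $rel in
        [0-9]*.[0-9]*) ;;                      # must start like "3.10..."
        *) echo unparseable; return 0 ;;
    esac
    major=${rel%%.*}                           # "3.10.49-g0abc" -> "3"
    rest=${rel#*.}                             # -> "10.49-g0abc"
    minor=${rest%%[!0-9]*}                     # -> "10"
    case $major in
        *[!0-9]*) echo unparseable; return 0 ;;
    esac
    [ -n "$minor" ] || { echo unparseable; return 0; }
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 18 ]; }; then
        echo not-affected                      # 3.18 or higher, per the article
    elif [ "$major" -eq 3 ]; then
        case $minor in
            4|10|14) echo affected ;;          # branches named in the article
            *)       echo unlisted ;;          # the article makes no claim
        esac
    else
        echo unlisted                          # older than 3.x: no claim either
    fi
}

# Reads "device release" pairs on stdin; prints device, release, verdict.
triage_inventory() {
    while read -r device rel; do
        [ -n "$device" ] || continue
        printf '%s\t%s\t%s\n' "$device" "$rel" "$(classify_kernel "$rel")"
    done
}

# Constructed sample inventory (device names and build strings are made up).
triage_inventory <<'EOF'
tablet-01 3.4.0-perf-g1a2b3c4
phone-02 3.10.49-g0abc123
phone-03 3.14.52
phone-04 3.18.20-g9f8e7d6
phone-05 4.4.0
legacy-06 3.0.31
broken-07 unknown
EOF
```

Devices reported as "unlisted" or "unparseable" fall outside what the article states and need a manual check rather than being assumed safe.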
Google said in its official statement last week, “An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel. This issue is rated as a critical severity due to the possibility of a local permanent device compromise and the device would possibly need to be repaired by re-flashing the operating system.”
Google, however, did not reveal the name of the app concerned, which was available on the Google Play Store as well as from third-party sources, and it also noted that the Nexus 6 and Nexus 5 devices were affected. Google has released patches to rectify this and has also published them on the Android Open Source Project. It is now up to each manufacturer to decide when to roll out the update for its devices.