A bug has been discovered by Perception Point researchers that resides in Linux based devices ranging from PCs, servers, and Android mobile devices that grants unauthorized root access and control to underlying system functions. The bug has been indexed as CVE-2016-0728. Approximately 10 million PCs and servers running Linux and about 66% Android smartphones and tablets are affected.
The bug lies in the OS Keyring that was introduced in Linux kernel version 3.8 released in early 2013. This facility allows the storing of encrypted keys, authentication tokens, and other sensitive data to the kernel. To demonstrate the bug, the researchers created a proof-of-concept exploit that replaced the keyring object with code that can be executed by the kernel.
With this bug, users with local access to Linux servers can use this exploit and gain unfettered root access. In Android devices running Android version KitKat and later, a malicious app can bypass the security barrier in Android systems and gain control to the underlying OS.
Google makes a defense against this claim as Android 5.0 Lollipop devices have an additional security barrier called SELinux that would render this bug useless. In addition, Android 4.4 and earlier versions of Android uses a code older than Linux kernel 3.8, which means that it does not contain the bug pointed out by the researchers. Nevertheless, Google will still be issuing a patch to address this problem to all devices by March 1.
While most of the malware and viruses has been focused on the Windows system, attacks have been recorded to other OS as well. In 2014, researchers have found a powerful Linux Trojan that remained undetected for years and gathered data from government agencies and other pharmaceutical companies. Cases like this would mean that Linux based systems is still susceptible to security threats especially now that the CVE-2016-0728 bug has been identified. Major Linux distributors are expected to make a patch to zap this bug as early as Tuesday.
Source
No comments:
Post a Comment