Millions of Android tablets and smartphones have a vulnerability to security attacks, warns Google. If this vulnerability gets exploited, the app will get an unfettered root access and circumvent various security layers. A recent patch is now available for the OEMs, and it states that currently, it is working on a fix for Nexus range.
An app was spotted in Android’s marquee app store which tries leveraging this vulnerability. Android inherited this flaw from Linux years ago. Interestingly, the bug was fixed by the developers in the year 2014, and later it was flagged as a vulnerability.
Google Apps Vulnerability
Currently, this is seen in all Android releases that are based on the version 3.14, 3.10 and 3.4. It hasn’t affected Android versions that are based on Linux Kernel 3.18 or higher. However, different Linux Kernel versions are used by various OEMs. Thus, correlating Android version with Kernel version is complicated.
Google acknowledged this existence in an advisory that was sent by it last week. The note reads “An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel.
This issue is rated as a critical severity due to the possibility of a local permanent device compromise and the device would possibly need to be repaired by re-flashing the operating system.”
The name of the application wasn’t disclosed by Google even though it noted that its availability was seen on Google Play and also through 3rd party sources. Patches for this flaw have been published with OEMs.
Google Apps were facing a threat recently. Apparently, Google does not filter its apps as notoriously as Apple does. For this reason, many of the apps are malware. If you have a flashlight app that is about the size of 5MB you should delete them instantly because they spy on you.