Another day, another big Android vulnerability revealed. A report from security firm Lookout informs us of a new threat that can permanently “compromise” a device, including Google’s Nexus handsets and tablets that usually run the latest version of Android. However, while the new threat can compromise many Android handsets, it’s likely it’s not actively used in attacks at this point.
Millions of Android handsets are at risk, Lookout discovered. The problem lies with a Linux vulnerability that was patched in April 2014. But even so, Android developers did not fix it even after the vulnerability received vulnerability identifier CVE-2015-1805 last February, Ars Technica reports.
Google is very much aware of the problem and it looks like at least one rooting app that could take advantage of the flaw has been discovered in the wild. Rooting Android devices is popular among power users, as the procedures gives them the liberty of further customizing their Android experience.
“An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code in the kernel,” said an Android security advisory last week. “This issue is rated as a critical severity due to the possibility of a local permanent device compromise and the device would possibly need to be repaired by re-flashing the operating system.”
The vulnerability is present in Android devices that use Linux kernel versions 3.4, 3.10 and 3.14, including Nexus 5 and Nexus 6 devices, as well as a large number of handsets coming from major manufacturer brands. Kernel versions 3.18 or higher are not susceptible to such attacks.
As Ars points out, the good news is that this vulnerability requires a local exploit, meaning that drive-by web attacks are “infeasible if not impossible.”
Google has updated the Verify Apps feature to make sure that devices block the installation of rooting apps that exploit the vulnerability, and the rooting app that can take advantage of the security hole is not available from Google Play.