Google spews critical Android patch as millions of gadgets hit by Linux kernel bug

Firmware update needed to sink blunder that lets apps hijack devices


Google has shipped an out-of-band patch for Android shuttering a bug that is under active exploitation to root devices.

The vulnerability (CVE-2015-1805) affects all Android devices running Linux kernel versions below 3.18 – we're talking millions of gadgets and handhelds, here.

The vulnerability is a privilege elevation that lets apps execute arbitrary code in the kernel, allowing normal software to commandeer the hardware and install spyware, malware or legit custom firmware.

Affected users will need to re-flash their Android operating system to apply the fix. That can only be done with the help of manufacturers and carriers, which are lousy at distributing security patches in a hurry. Nexus phones and tablets can receive their updates direct from Google, though.

Google found an application that exploits the vulnerability to root Nexus 5 and 6 handsets. The Alphabet subsidiary did not say whether the application was malicious or an app to help users to root their Nexus devices to install non-official builds of Android.

Google has blocked the rooting app in its Play Store, while users of the latest Android operating systems will receive security flags warning of the rooting capabilities of the app. The search tsar distributed the patch to its phone manufacturer partners on 15 March ahead of today's general release.

"Google has become aware of a rooting application using an un-patched local elevation of privilege vulnerability in the kernel on some Android devices," the company said in an advisory.

"This is a known issue in the upstream Linux kernel that was fixed in April 2014 but wasn’t called out as a security fix. On February 19, 2016, C0RE Team notified Google that the issue could be exploited on Android and a patch was developed to be included in an upcoming regularly scheduled monthly update."

Android devices with a security patch level of April 2 are protected against the root exploit. ®


Other stories you might like

  • Meg Whitman – former HP and eBay CEO – nominated as US ambassador to Kenya

    Donated $110K to Democrats in recent years

    United States president Joe Biden has announced his intention to nominate former HPE and eBay CEO Meg Whitman as Ambassador Extraordinary and Plenipotentiary to the Republic of Kenya.

    The Biden administration's announcement of the planned nomination reminds us that Whitman has served as CEO of eBay, Hewlett Packard Enterprise, and Quibi. Whitman also serves on the boards of Procter & Gamble, and General Motors.

    The announcement doesn't remind readers that Whitman has form as a Republican politician – she ran for governor of California in 2010, then backed the GOP's Mitt Romney in his 2008 and 2012 bids for the presidency. She later switched political allegiance and backed the presidential campaigns of both Hillary Clinton and Joe Biden.

    Continue reading
  • Ex-Qualcomm Snapdragon chief turns CEO at AI chip startup MemryX

    Meet the new boss

    A former executive leading Qualcomm's Snapdragon computing platforms has departed the company to become CEO at an AI chip startup.

    Keith Kressin will lead product commercialization for MemryX, which was founded in 2019 and makes memory-intensive AI chiplets.

    The company is now out of stealth mode and will soon commercially ship its AI chips to non-tech customers. The company was testing early generations of its chips with industries including auto and robotics.

    Continue reading
  • Aircraft can't land safely due to interference with upcoming 5G C-band broadband service

    Expect flight delays and diversions, US Federal Aviation Administation warns

    The new 5G C-band wireless broadband service expected to rollout on 5 January 2022 in the US will disrupt local radio signals and make it difficult for airplanes to land safely in harsh weather conditions, according to the Federal Aviation Administration.

    Pilots rely on radio altimeter readings to figure out when and where an aircraft should carry out a series of operations to prepare for touchdown. But the upcoming 5G C-band service beaming from cell towers threatens to interfere with these signals, the FAA warned in two reports.

    Flights may have to be delayed or restricted at certain airports as the new broadband service comes into effect next year. The change could affect some 6,834 airplanes and 1,828 helicopters. The cost to operators is expected to be $580,890.

    Continue reading
  • Canadian charged with running ransomware attack on US state of Alaska

    Cross-border op nabbed our man, boast cops and prosecutors

    A Canadian man is accused of masterminding ransomware attacks that caused "damage" to systems belonging to the US state of Alaska.

    A federal indictment against Matthew Philbert, 31, of Ottawa, was unsealed yesterday, and he was also concurrently charged by the Canadian authorities with a number of other criminal offences at the same time. US prosecutors [PDF] claimed he carried out "cyber related offences" – including a specific 2018 attack on a computer in Alaska.

    The Canadian Broadcasting Corporation reported that Philbert was charged after a 23 month investigation "that also involved the [Royal Canadian Mounted Police, federal enforcers], the FBI and Europol."

    Continue reading
  • German court rules cookie preference service that shared IP addresses with US firm should be halted

    Schrems II starts to be felt in Europe

    A German court has ruled that sharing IP addresses with US-based servers for the purpose of cookie consent is unlawful under EU data protection law and the EU Court of Justice Schrems II ruling.

    The university Hochschule RheinMain in Germany was this week prevented by Wiesbaden Administrative Court from using a cookie preference service that shares the complete IP address of the end user to the servers of a company whose headquarters are in the US.

    A complainant had alleged that the CookieBot consent manager from Danish provider Cybot transmitted data such that IP addresses were shared with US-based cloud company Akamai Technologies.

    Continue reading

Biting the hand that feeds IT © 1998–2021