:-) -yup, really not so bad as “everyone” first expected

Leave a comment

🙂 -yup, really not so bad as “everyone” first expected

#android #security #linux #vulnerability

Originally shared by Adrian Ludwig

On January 19th, 2016, Perception Point and Red Hat announced a security issue (CVE-2016-0728) in the mainline linux kernel that affects some Android devices. We have received some questions, so I want to quickly provide an update.

We have prepared a patch, which has been released to open source and provided to partners today. This patch will be required on all devices with a security patch level of March 1 2016 or greater.

In addition, since this issue was released without prior notice to the Android Security Team,  we are now investigating the claims made about the significance of this issue to the Android ecosystem.  We believe that the number of Android devices affected is significantly smaller than initially reported. 

We believe that no Nexus devices are vulnerable to exploitation by 3rd party applications.  Further, devices with Android 5.0 and above are protected, as the Android SELinux policy prevents 3rd party applications from reaching the affected code. Also, many devices running Android 4.4 and earlier do not contain the vulnerable code introduced in linux kernel 3.8, as those newer kernel versions not common on older Android devices.