Menu
Google creates fix for zero-day kernel flaw, says effect on Android is greatly exaggerated

Google creates fix for zero-day kernel flaw, says effect on Android is greatly exaggerated

Most Android devices are unlikely to run vulnerable kernel versions, and those that do are protected by SELinux, the company said

After being caught off guard by the disclosure of a serious flaw in the Linux kernel this week, Google has quickly developed a patch for Android and shared it with device manufacturers.

It might take weeks for device makers to start releasing firmware updates that include the fix, but that's not a huge problem since, according to Google's assessment, the flaw doesn't affect many Android devices to begin with.

The privilege escalation vulnerability allows attackers to gain full control over Linux-based systems if they have access to a limited account or trick users into running a malicious application. It was found by researchers from Israeli threat defense start-up Perception Point.

The researchers notified the Linux kernel maintainers and Red Hat in advance of publicly disclosing the issue Tuesday. However, they did not contact the Android security team, despite claiming that around 66 percent of Android devices are potentially vulnerable.

Their estimation was based on the fact that the flaw affects all Linux kernel versions from 3.8 forward, and that such vulnerable kernels are used in Android starting with version 4.4 (KitKat).

However, in the Android world a device's kernel version depends more on the manufacturer's choice than on the version of Android installed on it. Manufacturers don't necessarily update the kernel when creating firmware based on newer Android versions, especially for older devices.

Adrian Ludwig, Android's lead security engineer, puts the number of affected devices much lower than Perception Point.

"Many devices running Android 4.4 and earlier do not contain the vulnerable code introduced in Linux kernel 3.8, as those newer kernel versions [are] not common on older Android devices," he said in a blog post.

Furthermore, according to Ludwig, devices that run Android 5.0 (Lollipop) and newer are protected even if they do use vulnerable kernels, because those Android versions have the Security-Enhanced Linux (SELinux) kernel module.

The Android SELinux policy in these versions prevents third-party applications from reaching the affected code, he said, adding that none of Google's Nexus devices are affected either.

This appears to contradict both the Perception Point researchers, who said that there are possible ways to bypass SELinux, and Red Hat, which said in its own advisory that SELinux does not mitigate this issue.

Ludwig said that the fix created by Google for this flaw, "will be required on all devices with a security patch level of March 1 2016 or greater."

However, this doesn't force manufacturers to integrate it until March 1 or even at all on older devices. They just won't be able to advertise a March 1 patch level on those devices.

The patch level is essentially a date string displayed in Android's settings under "About phone" which indicates that the firmware contains all Android security patches up to that date. It only exists in newer versions of Android.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments