Android vulnerability allows attackers root access

In an Android Security Advisory issued on March 18th, Google revealed it was notified of at least one unidentified rooting app available in Google Play and third-party marketplaces using a local elevation of privilege vulnerability in the Linux kernel of Android devices. This Android vulnerability advisory was published just before FBI hacked iPhone using an unknown vulnerability.

Google advisory states:

Google has become aware of a rooting application using an unpatched local elevation of privilege vulnerability in the kernel on some Android devices (CVE-2015-1805). For this application to affect a device, the user must first install it. Google already blocks installation of rooting applications that use this vulnerability both within Google Play and outside of Google Play using Verify Apps, and have updated our systems to detect applications that use this specific vulnerability.

Android vulnerability allows attackers root access - blackMORE Ops - 1To provide a final layer of defense for this issue, partners were provided with a patch for this issue on March 16, 2016. Nexus updates are being created and will be released within a few days. Source code patches for this issue have been released to the Android Open Source Project (AOSP) repository.

This Android vulnerability exists in all Android devices that use Linux kernel versions 3.4, 3.10, and 3.14, which includes Google’s own Nexus line of smartphones.

While the bug was fixed in April 2014, Google said it wasn’t aware the vulnerability was a security issue until last month, when Core Team researchers notified the company the bug could be exploited on Android.

On March 15, 2016 Google received a report from Zimperium that this vulnerability had been abused on a Nexus 5 device. Google has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus 5 and Nexus 6 to provide the device user with root privileges.

Mitigations

The following are mitigations that reduce the likelihood users are impacted by this issue:

  • Verify Apps has been updated to block the installation of applications that we have learned are attempting to exploit this Android vulnerability both within and outside of Google Play.
  • Google Play does not allow rooting applications, like the one seeking to exploit this issue.
  • Android devices using Linux kernel version 3.18 or higher are not vulnerable.

Acknowledgements

Android would like to thank the C0RE Team and Zimperium for their contributions to this advisory.

Check Also

Whispers: A Powerful Static Code Analysis Tool for Credential Detection

“My little birds are everywhere, even in the North, they whisper to me the strangest …

Nyxt The Hacker's Browser Unleashing Power and Flexibility

Nyxt: Hacker’s Dream Browser

In the ever-evolving digital landscape, the demand for specialized tools and platforms has grown exponentially. …

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.