A research team has identified a new “zero-day vulnerability” in the Linux kernel used by Google’s Android OS.
Perception Point research team has pointed out a flaw, which is apparently prevailing since 2012. This vulnerability can affect about 66 percent of the Android phones and tablets. It is apparently exploitable in a wide ambit of settings. For instance, attackers with local access can gain full root access on the servers.
The silver lining, however, is that no attempt has been made by any hackers to take advantage of this long-persisting vulnerability. In any case, this particular flaw need to be fixed, said the team.
This flaw can also allow an attacker to use certain apps to take control of the camera, microphone, GPS location and not-surprisingly, personal data, Phone Arena reported.
ARS Technica, on the other hand, said this zero-day vulnerability has the ability to let a “malicious app to breakout of the normal security sandbox to gain control of underlying OS functions.” Speaking of vulnerable Android OS versions, devices running KitKat or higher are apparently susceptible.
Google has responded to this allegation on Jan. 20 saying that the search giant’s own researchers are not ready to buy the story of Android devices are vulnerable to this exploit by third party apps. However, Google will issue a patch in March.
Following which, an update was made Thursday by Adrian Ludwig saying: “We have prepared a patch, which has been released to open source and provided to partners today. This patch will be required on all devices with a security patch level of March 1 2016 or greater.”
Ludwig also said no Nexus devices are susceptible to this vulnerability. Devices running Android 5.0 and later are also reportedly protected.