Experts Comment: Attackers Exploit 0-Day Vulnerability That Gives Full Control Of Android Phones

Google has found a vulnerability that resides in the Android operating system’s kernel code and can be used to help an attacker gain root access to the device. Ironically, the vulnerability was patched in December 2017 in Android kernel versions 3.18, 4.14, 4.4, and 4.9, but newer versions were found to be vulnerable, ZDNet reported. 


EXPERTS COMMENTS
Craig Young, , Principal Security Researcher ,  Tripwire
October 08, 2019
New devices like Pixel 3 were not affected simply because the kernel was presumably forked after this patch.
The real irony of this situation is that Google’s own automated bug hunting tools found the kernel bug and got it fixed in 2017 and yet the Pixel 2 is vulnerable in 2019. This shines a light on a dark spot in Google and Linux’s overall security postures. Google found the bug and reported it to the kernel developers who fixed it in their actively supported kernels. Unfortunately, there was no a ....
[Read More >>]
David Kennefick, Product Architect,  edgescan
October 08, 2019
ou should also be careful what permissions you give applications.
In terms of preventing the flaw affecting a device, the old mantra of use the "latest safe version" still rings true here. It is easy to pick out examples of organisations accidently leaving legacy vulnerabilities in code after patching them in previous version, these reintroductions are part of the software development lifecycle and may not go away in the next decade. Regardless keeping your devi ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article