GOOGLE HAS RELEASED a patch designed to fix a potential security issue but claimed that it isn’t as serious as first suggested.
Security company Perception Point found an issue in the Linux kernel, the core of its Android operating system, which would have allowed attackers a way to take over a device.
It said the flaw had “implications for approximately tens of millions of Linux PCs and servers as well as 66% of Android devices“, but there was no evidence that the flaw had been exploited by anyone.
However, Google responded to the report by saying the number of devices that are affected isn’t as great as claimed, and how it didn’t have the usual 90-day window to investigate the flaw before it was publically released.
“Since this issue was released without prior notice to the Android Security Team, we are now investigating the claims made about the significance of this issue to the Android ecosystem,” said Adrian Ludwig of Android’s security team. “We believe that the number of Android devices affected is significantly smaller than initially reported”.
Ludwig said that both its Nexus devices and Android devices with Lollipop (5.0) or greater are safe since they are protected by SELinux (Security-Enhanced Linux), a security measure that prevents third-party apps from accessing a device’s code. That amounts to a third of all Android devices released (33.3%).
He also said that “many devices running Android 4.4 (KitKat) or earlier do not contain the vulnerable code introduced in Linux kernel 3.8,” suggesting that most Android devices are safe.
Despite that, Google has released a patch that will be implemented on newer Android devices. It’s expected to arrive after 1 March.
To embed this post, copy the code below on your site
have your say