Dangerous new zero-day flaw affects more than two-thirds of all Android devices

“A new, previously undiscovered flaw that allows an attacker to escalate local user privileges to the highest ‘root’ level is said to hit ‘tens of millions’ of Linux PCs and servers,” Zack Whittaker reports for ZDNet. “Because some of the code is shared, the zero-day flaw also affects more than two-thirds of all Android devices.”

“Israeli security firm Perception Point disclosed the flaw in a blog post Tuesday,” Whittaker reports. “The flaw, said to date back to 2012, affects Linux kernel versions 3.8 and higher, which extends to devices running Android KitKat 4.4 and higher.”

“The vulnerability is in the keyring facility, baked into the core of the Linux software,” Whittaker reports. “If exploited, an attacker would be able to execute code on the Linux kernel, and extract cached security data, which can include in some cases encryption and authentication keys.”

Read more in the full article here.

MacDailyNews Take: Good thing you got two for one, settler. Good thing you’re a cheapskate, too. The ability to stretch a dollar will serve you well with your newly-emptied bank accounts.

Have fun waiting for that fragmandroid patch that’ll never arrive. (smirk)

Android malware steals one-time passcodes, a crucial defense for online banking – January 14, 2016
New Android malware is so bad, you’d better off buying a new phone – November 6, 2015
Apple issues iPhone manifesto; blasts Android’s lack of updates, lack of privacy, rampant malware – August 10, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013


    1. Why are you spewing BS? What you have heard on this forum is that Android users are fragmented across a range of Android OS versions going back to 2.2. Many Android devices have been sold with 4.4 or later in recent years.

  1. As I foresaw: 2016 is turning out to be Fragmandroid security hell on steroids. That’s two huge security holes in Android in January, so far. This one is fascinating because, so far, it’s in more modern versions of Android and the oldies get a break.

    So how is the fix going to roll out? No doubt Nexus gear will all get fixed in a hurry. Google’s advantage. But the other Android gear manufacturers?

    Setting aside that nightmare, I’m worried about a lot of susceptible Linux servers. Let’s hope they have savvy admins who’ll update ASAP.

    And as usual, I’ll point out that the core problem with security these days is antiquated coding tools that enable lousy memory management.

    From Perception Point, who describe CVE-2017-0728:
    The leak occurs when a process tries to replace its current session keyring with the very same one. As we see in the next code snippet, taken from kernel version 3.18, the execution jumps to error2 label which skips the call to key_put and leaks the reference that was increased by find_keyring_by_name.

    Sound familiar?

  2. The real problem is the vast majority of Android users won’t ever hear about any of these vulnerabilities, and even if those that do they don’t care. They are of the mindset that the chances of them getting targeted through any one of these vulnerabilities is extremely small. Even though the chance of getting hit is likely higher than winning the Powerball Lottery they would rather buy lottery tickets than buy a safer phone.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.