Tuesday, January 19, 2016

New “hole” in Linux and Android affects tens of millions of users – CNews.ru

The vulnerability, which has existed since 2012

A zero-day vulnerability in Linux that has existed since 2012 and is present in kernel versions starting with 3.8 puts at risk the data of the owners of about 66% of Android-based smartphones and tablets, as well as tens of millions of PCs and servers, according to researchers from the company Perception Point.

Key retention service

The vulnerability, tracked as CVE-2016-0728, is in the Linux kernel service that stores keys and authentication information. This service can be used by remote filesystems or other kernel services to manage encryption, authentication tokens, cross-domain user mappings, and other security tasks.

The vulnerability manifests itself when a system process tries to replace the set of keys generated in the current session with another, similar set of keys. Because of the vulnerability, after a particular sequence of actions an attacker can achieve arbitrary code execution on the victim’s system.

The severity of the situation

“The problem is really simple. It lies in the fact that Linux does not have a function that would be regularly updated by the system automatically,” said Eugene Pats (Yevgeny Pats), one of the founders and CEO of Perception Point.

The discovered vulnerability affects tens of millions of Android devices

The severity of the situation is that many servers are running older versions of Linux and nobody takes care of updating them, the CEO added. All users are advised to update the Linux kernel once the corresponding patch is released (its release is scheduled for January 19, 2016).

Pats added that the vulnerability is present in Android starting with version 4.4 (KitKat), which was introduced in 2013.

Not the first time

In 2014, a “hole” was discovered in the Android operating system that affected about 99% of all devices running it (900 million units). It allows an attacker to pass off any malicious code as a genuine application and then launch it on the device of an unsuspecting user.
