In the Linux operating system, found a critical vulnerability that threatens the security of tens of millions of computers, servers and Android devices. A flaw in the Linux kernel, which is present in most modern Android devices, allows attackers to execute commands with root access.
According to experts from the company Perception Point, the error CVE-2016−0728 present in Linux since kernel version 3.8. It is expected that the developers will fix the bug this week. However, taking into account the complexities associated with upgrading, many Android and embedded devices (ATMs, payment terminals, telecommunication equipment, etc.) can remain exposed to hacker attacks for many months and even years.
On servers the “hole” could allow an attacker with local access to the computer to obtain unrestricted access to the root directory, and the malicious application on an Android smartphone (version KitKat and higher) — to get out of a protected “sandbox” and gaining access to critical OS functions.
“At the time of detection vulnerability threatens about tens of millions of Linux computers and servers, and 66% of all Android devices (phones/tablets)”, — said the expert.
Google was unhappy with the statements of researchers. The main claim to the experts Perception Point is that they have not previously notified the Android security team about the issue.
“We are currently investigating applications [Perception Point], that this problem can considerably affect the entire Android ecosystem. We believe that the number of affected Android devices is actually significantly below the claimed figures,” said the company.
In 2014 in a Linux distribution was discovered that a similar error that could remain undetected for many years. From “Trojan” that exploits the vulnerability, affected systems in 45 countries. How do I find then “Kaspersky Lab”, for at least four years, the virus has infected the system in the government and educational institutions, embassies, defense agencies, research and pharmaceutical companies.