A new vulnerability in the key-ring facility in the core of Linux has been discovered that could allow attackers to launch a zero-day attack affecting tens of millions of Linux PCs and Servers and Android phones. Some of the code is shared so the flaw could also affect more than two-thirds of all Android devices. Craig Young, a cybersecurity researcher for Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Cybersecurity Researcher at Tripwire :
“With proof-of-concept code now publicly available, it is highly likely that we will see a flood of new Android malware taking advantage of this privilege escalation bug. This is a particularly troubling problem considering the massive number of Android devices that will never be updated with a patch for this bug.
Fortunately it should be relatively easy for Google to identify application submissions exploiting this flaw, which makes it less likely that consumers sticking to the Google Play store will be affected, even if running vulnerable handsets.
As an added layer of protection, consumers would be well-advised to run anti-virus software on their Android devices as an additional layer of protection.”[/su_note]
[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]