A new vulnerability in the key-ring facility in the core of Linux has been discovered that could allow attackers to launch a zero-day attack affecting tens of millions of Linux PCs and Servers and Android phones. Some of the code is shared so the flaw could also affect more than two-thirds of all Android devices. Craig Young, a cybersecurity researcher for Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Cybersecurity Researcher at Tripwire :
“With proof-of-concept code now publicly available, it is highly likely that we will see a flood of new Android malware taking advantage of this privilege escalation bug. This is a particularly troubling problem considering the massive number of Android devices that will never be updated with a patch for this bug.
Fortunately it should be relatively easy for Google to identify application submissions exploiting this flaw, which makes it less likely that consumers sticking to the Google Play store will be affected, even if running vulnerable handsets.
As an added layer of protection, consumers would be well-advised to run anti-virus software on their Android devices as an additional layer of protection.”[/su_note]
[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.