Google releases emergency security patches to fix privilege elevation vulnerabilities that affect Android operating systems (CVE-2015-1805)

Source: Internet
Author: User
Tags cve

Google releases emergency security patches to fix privilege elevation vulnerabilities that affect Android operating systems (CVE-2015-1805)

Google released emergency security patches to fix Privilege Escalation Vulnerability CVE-2015-1805 that affects Android operating systems.

Affects all Nexus devices and some Android devices

Google has released emergency security patches to fix Privilege Elevation Vulnerability CVE-2015-1805 that affects the kernel of Android OS devices. This vulnerability is a high-risk vulnerability that can be used to escalate permissions and run arbitrary code on vulnerable devices.

This security vulnerability has been detected in the upstream Linux kernel a few years ago and fixed in April 2014. Unfortunately, this vulnerability was underestimated until the C0RE team informed last month that it could be used to attack the Android operating system.

All unpatched Android devices running kernel versions 3.4, 3.10, anD 3.14, including all Nexus devices, are vulnerable to CVE-2015-1805 vulnerabilities. At the same time, the Linux kernel version 3.18 or later is not affected.

 

 

Google has used the Verify Apps function to comprehensively block the installation of software that may trigger this vulnerability from inside and outside Google Play.

Google consultant said:

"We have completely blocked the installation of the root application that uses this vulnerability from inside and outside Google Play, use Verify Apps and update our system to detect applications that use this special vulnerability. To effectively defend against this vulnerability, we provided patches to our partners in March 16, 2016. The Nexus update program is under development and will be released in the next few days. The source code patch for this issue has been released to the Android open-source project (AOSP) resource library ."

Google has warned related users that the vulnerability may cause permanent device damage. In some cases, it may have to refresh the operating system to delete malicious applications.

Google consultants added:

"The kernel elevation privilege vulnerability may cause malicious local applications to execute arbitrary code in the kernel. This problem may cause permanent damage to the local device and the device needs to be repaired by refresh the operating system ."

Google is actively updating the Nexus and will release the latest patch in the next few days. Now, the company has notified its partners about the vulnerability.

Consultant said:

"The source code patch for this issue has been released to the Android open-source project (AOSP) repository ."

To reduce the risk of exploits, users should promptly update patches to prevent security vulnerability hazards.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.