22.06.2014 10:25

Most Android-devices affected by the vulnerability allows root privileges

Tightening manufacturers release firmware updates led to the fact that most Android-devices are susceptible to vulnerabilities CVE-2014-3153, revealed in early June in the Linux kernel allows local users to execute code with kernel privileges. Surrounded by Android vulnerability allows an attacker to gain complete control over a smartphone or tablet, and bypass protection and isolation processes, including distributed by Samsung system safe containers Knox.

Vulnerability Android remains unpatched in such popular devices like Samsung Galaxy S5, Samsung Note 3, LG G Flex, Motorola RAZR HD / M, Razr Maxx HD, Sony Xperia E1, C6603, C5303, Xperia T, Xperia z1 and Xperia SP. The problem is compounded by the fact that the life cycle of mobile support is small enough and manufacturers stopped training firmware updates shortly after the new devices, which leads to the fact that in everyday life there are still many vulnerable smartphones. On the other hand, such carelessness manufacturers enables users to obtain root-access and full control over the device, bypass the protection replacement firmware.

Tools for root-access through a vulnerability Android CVE-2014-3153 published a few days ago under the name TowelRoot and allows you to get full control over most models of Android-devices. It is expected that the availability of working exploit will soon be used by hackers to embed means to obtain root of malware and trojan applications.

Supplement: Not Available corrective update Android 4.4.4, which eliminated the vulnerability Android (CVE-2014-3153) in the kernel Linux, making it possible to get a root-access, and vulnerability Android (CVE-2014-0224) in OpenSSL, which allows to make a MITM-attack which can lead to modifications and deciphering the transit gateway passing within secure SSL / TLS-connection traffic. Firmware updates are available for devices Nexus.