Google has already patched Android’s fatal Linux bug
Google has addressed a Linux kernel bug recently discovered by one security firm that has left around 66 percent of Android devices vulnerable to attack. It has already made its patch available to Android partners, but devices running Android 5.0 and above don’t need it.
The discovery was made earlier this week by Perception Point and Red Hat, and it’s thought to have been present in the Linux kernel used by Android since 2013. Researchers estimated that around two thirds of Android devices were affected by it, but Google isn’t convinced.
“We believe that the number of Android devices affected is significantly smaller than initially reported,” writes Googler Adrian Ludwig. “We believe that no Nexus devices are vulnerable to exploitation by 3rd party applications. Further, devices with Android 5.0 and above are protected, as the Android SELinux policy prevents 3rd party applications from reaching the affected code.”
If you have a modern Android device, then, you probably don’t need to worry about this bug at all. Google also believes that many devices running Android 4.4 KitKat and earlier are not vulnerable because they do not contain the affected Linux code.
But for those with devices that are open to attack, there is a fix.
“We have prepared a patch, which has been released to open source and provided to partners today,” Ludwig adds. “In addition, since this issue was released without prior notice to the Android Security Team, we are now investigating the claims made about the significance of this issue to the Android ecosystem.”
Unfortunately, we have no idea if or when Google’s partners will make this fix available. All of them have stopped updating KitKat devices now, so it seems unlikely we’ll ever get it. You may need to upgrade to be completely secure.
- Source: Adrian Ludwig