The wrath of the ZERO DAY flaw in Android & Linux devices

Bengaluru, India | Red Newswire | Jan 25, 2016 Last Updated at 11:00 AM IST.

Zero day, in layman's terms, means the day when someone exploits a previously unknown weakness in a vendor's product. That is what Linux users are afraid of these days.

The OS has a flaw, described as a "zero-day flaw", in which users with lower privileges are vulnerable to attackers who can gain root access easily, according to Perception Point, which made this discovery only last week.

Apparently tens of millions of PCs and servers, as well as 66% of all Android mobile devices, are vulnerable to this flaw. The cool thing is that not many people have known about this flaw since its inception in 2012! It affects Linux kernel v3.8 and higher.

And even if somebody tries to pull this off, the attack would give itself away instantly because it is so loud, and it should be easy to prevent with host-based intrusion software, as pointed out by Adrian Sanabria, an analyst at 451 Research. He also notes that it may be out in the wild to attack us at any moment.

However, SMEP (Supervisor Mode Execution Protection) and SMAP (Supervisor Mode Access Protection) will make it difficult to exploit Linux boxes, and Android devices are protected by SELinux, Perception Point noted.

Because SMEP and SMAP are native to Intel architecture CPUs, it will be hard to access the kernel resources. Other than that, ARM CPUs, used in mobile phones, offer their own security features. "would also mitigate the exploit by diluting the privileges that accompany root account access," Weinberg told LinuxInsider when asked about SELinux and versions of Android made with it.

The vulnerability is listed as "CVE-2016-0728" by Perception Point. It exists in the keyring facility built into the Linux kernel. Exploiting it isn't so easy, because to carry out the attack the attacker first needs to gain local access to the server.

Red Hat Enterprise Linux 5 and 6 users can breathe easy, as those releases are not vulnerable to the flaw, but RHEL 7 users should beware because a fix is yet to come their way. Meanwhile, a patch is available which works with Fedora 22 and RHEL 7. Experts advise applying this patch ASAP.
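As an added example (not from the article or from Perception Point), the shell functions below triage a host against the conditions reported above: a kernel of v3.8 or higher, the SMEP and SMAP CPU flags, and SELinux in enforcing mode. The function names and the sample inputs are constructed for illustration; the flag names and the `/sys/fs/selinux/enforce` path are the standard Linux ones.

```shell
#!/bin/sh
# Added example (not from the article): host triage against the conditions the
# article states for CVE-2016-0728. Sample inputs at the bottom are constructed.

# kernel_in_range RELEASE: 0 if the `uname -r` string is v3.8 or higher,
# 1 if lower, 2 if it cannot be parsed.
kernel_in_range() {
    ver=${1%%[!0-9.]*}                  # "3.10.0-327.el7.x86_64" -> "3.10.0"
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
    [ "$major" -gt 3 ] && return 0
    [ "$major" -eq 3 ] && [ "$minor" -ge 8 ] && return 0
    return 1
}

# cpu_has_flag FLAGS_LINE FLAG: 0 if FLAG is in a /proc/cpuinfo "flags" line (x86).
cpu_has_flag() {
    case " ${1#*:} " in *" $2 "*) return 0 ;; esac
    return 1
}

# triage RELEASE FLAGS_LINE ENFORCE: print a one-line summary. ENFORCE is the
# content of /sys/fs/selinux/enforce ("1" = enforcing), empty if the file is absent.
# The kernel field is a version range only; it does not show whether a fix is applied.
triage() {
    rc=0; kernel_in_range "$1" || rc=$?
    case $rc in
        0) range="3.8-or-higher" ;;
        1) range="below-3.8" ;;
        *) range="unparsed" ;;
    esac
    mit=""
    for f in smep smap; do
        if cpu_has_flag "$2" "$f"; then mit="$mit,$f"; fi
    done
    if [ "$3" = 1 ]; then mit="$mit,selinux-enforcing"; fi
    mit=${mit#,}
    echo "kernel=$range mitigations=${mit:-none}"
}

# Constructed sample: a release string in the affected range, both CPU flags set.
SAMPLE_FLAGS='flags : fpu vme de pse smep bmi2 erms smap'
triage "3.10.0-327.el7.x86_64" "$SAMPLE_FLAGS" "1"
# Live host:
# triage "$(uname -r)" "$(grep -m1 '^flags' /proc/cpuinfo)" \
#        "$(cat /sys/fs/selinux/enforce 2>/dev/null)"
```

A host that reports `kernel=3.8-or-higher` still needs its package version checked against the vendor's fix, since the release string alone does not say whether the patch is installed.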

By: Rishi Sharma @Rednewswire