KitGuru KitGuru.net – Tech News | Hardware News | Hardware Reviews | IOS | Mobile | Gaming | Graphics Cards
Google has issued a warning to Android users this week after it discovered a bug present in the software that could allow hackers to gain root access to your smartphone through a certain application. The flaw itself isn't particularly new and was originally discovered two years ago in the Linux Kernal but it wasn't flagged up as an issue at the time.
This hasn't been an issue for Android users in the past as it wasn't part of the software but it now is. The vulnerability comes with the identifier CVE-2015-1805 and Google is already working on a security patch but a couple of security research teams beat Google to discovering the issue and figuring out how it all works.
We don't know the name of the app that this exploit is achieved through but it is no longer on the Play Store. However, Google is classifying this issue with a critical severity rating for now. While Google is currently working on patches for its Nexus smartphones, these only represent a fraction of the Android smartphone market so it will be up to other manufacturers to push out a patch to their own handsets.
You can read Google's security notice, HERE.
KitGuru Says: Honestly some of the details surrounding this issue are a bit vague. If you're running Android then make sure you only install verified apps for the time being and try to keep your device secure.
What constitutes a verified app?
If this thing is so dangerous, why is the name of the actual app that caused this being kept a secret? Just let everyone know not to install (or uninstall if you already have) app XZY until a fix is out. The only reason I can think off is if the app in question is an official Google (Maps, Hangout, etc) app and Google doesn’t want you to stop using it.
Apps from the Play Store and not ones installed directly from the apk.
but didn’t the article say that some of these malicious apps were pulled from the Play Store?
Yes, they were, but the Play Store is still the “safest” place to get apps as they are put through some form of verification and exploit apps are removed once discovered. Outside of that, anyone’s guess.