Article 4PVFW Android Zero-Day Bug Does Not Make It On Google’s 'Fix' List

Android Zero-Day Bug Does Not Make It On Google’s 'Fix' List

by
janrinok
from SoylentNews on (#4PVFW)

Arthur T Knackerbracket has found the following story:

[Google] rolled out security patches for the Android mobile operating system but did not include the fix for at least one bug that enables increasing permissions to kernel level.

Security flaws that enable privilege escalation can be exploited from a position with limited access to one with elevated access to critical files on the system. In order to utilize this, an attacker should have already compromised the device but have their actions restricted by insufficient permissions.

The Android Security Bulletin for September includes fixes for a couple of critical vulnerabilities in the media framework and a load of high-severity bugs. But vulnerability reported today is not on the list.

The vulnerability exists in the driver for the Video For Linux 2 (V4L2) interface used for video recording. It is estimated as a high-severity zero-day so it does not have an identification number yet.

"The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this to escalate privileges in the context of the kernel."

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments