Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

To fix critical flaw in Android Kernel, Google released an Emergency security patch!

 

A number of Android devices have been affected from a LOCAL ELEVATION PRIVILEGE VULNERABILITY. To patch this vulnerability, Google released an emergency security patch. This vulnerability has been ranked as a critical security flaw under CVE-2015-1805. This vulnerability was allowing hackers to gain elevated privileges by rooting any Android device with the help of third party applications. Hackers were also capable to run an arbitrary code after exploiting this vulnerability. Therefore Google released an emergency security patch to fix this flaw as soon as possible.

Google said, all Android devices with kernel versions 3.10, 3.14 and 3.4 are vulnerable to this major security issue. All the Android devices of Nexus are also vulnerable to this security flaw. But the Android devices, which are using Linux kernel version 3.18 and above of it are totally safe.

According to a statement of company advisory,” Kernel of Android devices were allowing malicious application to run an arbitrary code in the Kernel, under this vulnerability. There was a possibility of permanently compromise for Android device. The arbitrary code was capable to destroy the OS of devices.”

By rooting already installed applications on device, it is possible to exploit this vulnerability. Hackers could gain elevated privileges of device, in order to make changes in kernel of device. Google is also blocking these type of malicious applications from both Google Play Store and other third party application stores.

 

Also read: Scammers are sending Porn Links for Spreading “Android Marcher Trojan”!

This security issue was first discovered by some security researchers in upstream Linux kernel. It was fixed by Google in April 2014. It was working good. But on Feb. 19, the security team of Google found that, this vulnerability is exploitable in Android. When they cross checked, it was really working. Famous security company Zimperium also told Google about this vulnerability. A live demo on Nexus 5 device was also seen by security researchers to the security team of Google. A Stagefright security issue in android was also discovered by Zimperium in 2015.

Around 950 million Android devices were affected with this Stagefright vulnerability. The media servers of Android were affected with this vulnerability. This security issue was fixed by Google in October, 2015.

The security update for local elevation privilege vulnerability will be available on Nexus device soon. Google will inform, when this update will be publicly available for all devices. All the Nexus 5 and Nexus 6 Android devices are vulnerable to this flaw. Google said, first update was released on 18 March, 2016. Next one is coming on 2nd April, 2016. One more will come after that.

 

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.