News: Devices running older versions of Linux kernel could be affected.
Google has pushed out an Android patch for millions of devices after it became aware of a rooting application using an unpatched local elevation of privilege vulnerability.
The known issue in the upstream Linux kernel was fixed in April 2014 but wasn’t called out as a security fix until February 2015.
On 19 February 2016, C0RE Team notified Google that the issue could be exploited and a patch was prepared to be included in a scheduled update.
However, a report from Zimperium revealed on 16 March that the vulnerability had been abused, and the issue was given ‘Critical’ severity status: the most serious threat category.
Partners were provided with a patch on 16 March 2016 and source code patches have been released to the Android Open Source Project repository.
Verify Apps was updated to block the installation of applications trying to exploit the vulnerability both within and outside Google Play. Google Play already does not allow rooting applications.
Elsewhere in the security world, Zscaler has discovered new instances of the Locky ransomware that was used to target the Hollywood Hospital last month.
The authors have changed tactics and now deliver malicious content through zip attachment files in spam emails. Originally they would infect Microsoft Word documents.
In February the Locky vulnerability forced the Hollywood Hospital to pay bitcoins worth $17,000 in ransom.