Google rolled out its March Android Security update for Nexus devices earlier this month. However, the search giant is now going to roll out a mid-month security patch as well, after a rooting app was found to use a critical Linux kernel flaw.
Researchers from Zimperium found the flaw in a rooting application for the Nexus 5 and the Nexus 6 smartphones last week. Google then confirmed the existence of a publicly available rooting application and rated the flaw as a Critical severity issue. The company has for now blocked installation of rooting apps that use this vulnerability both within and outside of Google Play.
“Google has become aware of a rooting application using an unpatched local elevation of privilege vulnerability in the kernel on some Android devices (CVE-2015-1805). For this application to affect a device, the user must first install it. We already block installation of rooting applications that use this vulnerability both within Google Play and outside of Google Play, using Verify Apps, and have updated our systems to detect applications that use this specific vulnerability,” said the Android Security Advisory page.
Android devices running Linux kernel version 3.18 or higher are not affected. After the flaw was rated as a Critical severity issue, Google also sent a patch to AOSP and Android Partners. “To provide a final layer of defense for this issue, partners were provided with a patch for this issue on March 16, 2016. Nexus updates are being created and will be released within a few days. Source code patches for this issue have been released to the Android Open Source Project (AOSP) repository.” (Source: NDTV)