Jan 20, 2016

Major Linux Exploit Made The News (CVE-2016-0728)

A recently discovered Linux exploit has made the news that has gotten the whole cyber security industry's panties in a bunch. It's been labeled as CVE-2016-0728 and affects every major distribution of Linux including Android and Ubuntu.

From RT:

All PCs, smartphones, and other gadgets running Linux-based systems such as Android are susceptible to extremely intrusive hacks due to a three-year-old flaw that was only discovered on Tuesday. Now the race to patch and secure millions of devices is on.

Discovery of what is identified as CVE-2016-0728 was made by Israeli defense start-up Perception Point. By working with Linux researchers, Perception Point found that by manipulating the central Linux kernel, an app or user could gain unlimited control over the root systems. The problem has existed since Linux version 3.8, which is also present in devices running the Android version KitKat or better, or about two-thirds of all Android products.

The trouble lies in the keyring, part of the kernel that stores sensitive security information like encryption keys. Even built-in or add-on security features like “supervisor mode access prevention” and “supervisor mode execution protection” are still not enough protection to absolutely guarantee against hackers.

A fix is anticipated from top distributors of Linux this week, but it could be months or years before millions of Android handset or embedded device users are squared away, due to the fact their software updates are not prompted automatically. While Perception Point says the sensitivity has yet to be exploited, the risk is still real for now.
If you haven't done it already, we suggest you update your systems as soon as possible!

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam