To fix critical flaw in Android Kernel, Google released an Emergency security patch!

A number of Android devices have been affected from a LOCAL ELEVATION PRIVILEGE VULNERABILITY. To patch this vulnerability, Google released an emergency security patch. This vulnerability has been ranked as a critical security flaw under CVE-2015-1805. This vulnerability was allowing hackers to gain elevated privileges by rooting any Android device with the help of third party applications. Hackers were also capable to run an arbitrary code after exploiting this vulnerability. Therefore Google released an emergency security patch to fix this flaw as soon as possible.

Google said, all Android devices with kernel versions 3.10, 3.14 and 3.4 are vulnerable to this major security issue. All the Android devices of Nexus are also vulnerable to this security flaw. But the Android devices, which are using Linux kernel version 3.18 and above of it are totally safe.

According to a statement of company advisory,” Kernel of Android devices were allowing malicious application to run an arbitrary code in the Kernel, under this vulnerability. There was a possibility of permanently compromise for Android device. The arbitrary code was capable to destroy the OS of devices.”

By rooting already installed applications on device, it is possible to exploit this vulnerability. Hackers could gain elevated privileges of device, in order to make changes in kernel of device. Google is also blocking these type of malicious applications from both Google Play Store and other third party application stores.

This security issue was first discovered by some security researchers in upstream Linux kernel. It was fixed by Google in April 2014. It was working good. But on Feb. 19, the security team of Google found that, this vulnerability is exploitable in Android. When they cross checked, it was really working. Famous security company Zimperium also told Google about this vulnerability. A live demo on Nexus 5 device was also seen by security researchers to the security team of Google. A Stagefright security issue in android was also discovered by Zimperium in 2015.

Around 950 million Android devices were affected with this Stagefright vulnerability. The media servers of Android were affected with this vulnerability. This security issue was fixed by Google in October, 2015.

The security update for local elevation privilege vulnerability will be available on Nexus device soon. Google will inform, when this update will be publicly available for all devices. All the Nexus 5 and Nexus 6 Android devices are vulnerable to this flaw. Google said, first update was released on 18 March, 2016. Next one is coming on 2nd April, 2016. One more will come after that.