A new security flaw in Android has been discovered: Google is already working to fix it
In the last few years, the security of the Android operating system has become a priority for Google: the release of monthly security patches e Play Protectwhich protects users from malicious apps from the Play Store, have definitely increased the security of smartphones, even if it is always possible that something gets out of BigG’s control.
In fact, one was recently discovered new security flaw affecting the Android operating system: this was discovered by Zhenpeng Lina security researcher and PhD student at Northwestern University, who showed the vulnerability running on his Pixel 6. In fact, potential victims include many latest generation Android smartphonessince the flaw is essentially with the kernel Linux, more precisely the version 5.10.
The vulnerability in question, without getting into technicalities, contented a potential cybercriminal of gain full read and write access to the system, as well as root privileges and permission to disable SELinux, Linux kernel security module. Put simply, an attacker able to exploit this flaw could have full access to the operating system, with therefore the possibility of stealing private data and causing various damages.
As mentioned, vulnerability does matter all smartphones running version 5.10 of the Linux kernel (Lin specifically refers to Samsung’s Galaxy S22 family and Google’s Pixel 6 series.) The security researcher has not yet disclosed the details of the flaw, so users can sleep soundly waiting for Google to release an update for this issue.
BigG has obviously been informed of everything and will resolve the flaw as soon as possible: probably though we will have to wait for the September security patches, since the vulnerability just described does not appear in the list of fixes coming in August. As always, we do not recommend installing apps from unsafe sources, in order to minimize the risk of running into security problems.
The security holes of 2022
2022 was a particularly interesting year from the point of view of IT security: in addition to the flaw just described, it is also worth remembering Dirty Pipea particularly serious Linux kernel vulnerability that allowed criminals to perform a privilege escalation and thus obtain full access to the system (practically, like the flaw discovered by Zhenpeng Lin).
Dirty Pipeto which we have dedicated a detailed article that we invite you to read, struck the version 5.8 of the Linux kernel, used by new generation Android smartphones and also by some versions of Chrome OS. The vulnerability allowed a any app installed to which i had been guaranteed access permissions internal storage to execute lines of code that are harmful to the device and its security.
Subsequently, thanks to the release of the security patches in May, Google has finally fixed the security flaw not only on their Pixel devices, but also on all other smartphones with an Android operating system that have updated with the May patches.