Scary Linux root exploit found, but Google’s not even sweating any major Android impact
Android, as many of its users probably know, is built on Linux. And while that’s provided Google with a great framework, it also means exposing the platform to some of the same issues faced by any other Linux system. A few days back, researches published a serious vulnerability in the Linux kernel, exposing systems to a privilege-escalation attack that could allow local users to gain root. Should you be concerned for the security of your Android phone or tablet? Google’s saying “no,” for most users, but it’s still releasing a patch for good measure.
In theory, a malicious app could take advantage of this exploit to achieve root and wreak havoc on your phone, but Google doesn’t think there’s a strong chance of that happening.
Modern phones are in the clear, as the SELinux setup in Android 5.0 and later prevents apps from accessing the resources needed to pull off this attack.
Even older phones may still be safe, as this vulnerability only popped up in Linux kernel 3.8, and many pre-Lollipop devices are based on kernels from before this bug was introduced.
Google’s got a patch ready, all the same, and it’s already been provided to Android manufacturers. All told, this attack sounds quite bad on paper (and is still a real issue for Linux computers), but its potential impact on smartphones is sounding less and less severe.