The Inquirer-Home

Linux vendors urgently patch a security flaw

Enables Android 4.0 Ice Cream Sandwich root exploit
Thu Jan 26 2012, 12:52

OPEN SOURCE Linux distributors are quickly patching a security flaw recently found in the Linux kernel.

A local attacker can gain root access to the system via a privilege escalation vulnerability. The security hole involves the kernel failing to restrict access to the "/proc/<pid>/mem" file, according to Techworld, and the security advisory is CVE-2012-0056.

The flaw effects Linux versions 2.6.39 and higher. Linux creator Linus Torvalds posted a patch for the issue on 17 January, but before vendors could apply it to their distributions some proof of concept exploit code made its way onto the internet.

Leading distributors Ubuntu and Red Hat have already released patches to fix the flaw but others are yet to do so.

A detailed exploit for the fault is called 'mempodipper' by security researcher Jason Donenfeld. Jay Freeman, creator of the Cydia app store for jailbroken Ipads and Iphones then used it to create a local root exploit for Android 4.0 Ice Cream Sandwich (ICS), which he has called 'mempodroid'.

Freeman said, "While Android itself is open, many of the devices that use it are not, and the Transformer Prime has a locked bootloader, making exploits such as this required to install custom software."

Android 4.0 ICS is on only a couple of devices that actually can be purchased in the shops but 'mempodroid' could be used to root future and upgradable devices using Google's operating system. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?