ANDROID USERS are at risk of vulnerability to the operating system affecting all makes and models.
If exploited, the device could give up escalated privileges to the hacker, allowing them to do more or less anything to your device.
White hat hackers at the Zero Day Initiative said:
"This vulnerability allows local attackers to escalate privileges on vulnerable installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
The issue is being caused by a driver called v4l2 (or Video4Linux 2 for completists). It seems to allow attacks by failing to check if an object it's been asked to process actually exists. That means you can get up to all kinds of shenanigans with raised permissions.
The good news is that the attacker needs to be actively holding your device. Whilst it's not 100 per cent clear how the exploit is then carried out, we're fine with that because it's the sort of thing we don't tend to tell you, lest we accidentally become an amateur hackers handbook.
The vulnerability first came to light back in March, and despite this, still hasn't been patched in the monthly security updates for Android devices (assuming that your OEM even bothers to issue them). Google has said that it is aware that there is an issue, but is yet to come up with a timetable for a fix.
As a zero-day vulnerability, Google really needs to make this a high priority fix because, although the chances of you having any issues unless your phone is actually stolen are non-existent, it presents a playground for every stolen phone out there to be misused, or to leak some private details tucked away in some hidden corner of its storage. μ
Put a Ring-Con on it
We know. We're as surprised as you are
It's available across all major UK networks