At Risk: 66% of Android Devices, Millions of Servers and Desktops
An Israeli cybersecurity startup has discovered a zero-day
security flaw in the Linux kernel that runs millions of servers, desktops as well as mobile devices that use the Android operating system. An attacker could abuse the flaw to gain root-level privileges on a device and execute arbitrary code or steal any data stored on the device.
"The vulnerability is in the core Linux kernel, which is the same on desktops, servers, and Android devices," says Yevgeny Pats, CEO of Perception Point, a security firm founded last year in Tel Aviv that focuses on advanced persistent threat defense. His team believes that the new memory-leak vulnerability, which has been assigned CVE-2016-0728, affects at least 66 percent of all Android mobile devices and tens of millions of Linux PCs and servers. The bug first appeared in 2012 in the Linux kernel version 3.8, and exists on both 32-bit and 64-bit Linux systems.
