Privilege Escalation Vulnerability affects Billions of Android Devices

A newly found privilege escalation vulnerability affects billions of Android phones and tablets; only devices running the latest Android 5.0 Lollipop are unaffected. “Privilege Escalation is the act of exploiting a bug, design flaw or configuration in an operating system to gain administrator or root access.” – Wikipedia. Security researcher Jann Horn discovered this Android vulnerability, which could allow an attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code on the target device.


Any Android device running a version below Android 5.0 Lollipop is vulnerable to this attack. The root cause is a bug in java.io.ObjectInputStream, which fails to check whether an object being deserialized is actually a serializable object.
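The missing check can be written as a defensive wrapper around java.io.ObjectInputStream. The following is an added example, not code from the original post or from the Android fix; the class name `CheckedObjectInputStream` and the allow-list are hypothetical, and the sample input is constructed in-process.

```java
import java.io.*;
import java.util.Set;

// Added illustration: a stream that validates every class descriptor before use.
public class CheckedObjectInputStream extends ObjectInputStream {
    private final Set<String> allowed; // hypothetical allow-list of class names

    public CheckedObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
        super(in);
        this.allowed = allowed;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        // Reject by name before the class is loaded at all.
        if (!allowed.contains(desc.getName())) {
            throw new InvalidClassException(desc.getName(), "class not on allow-list");
        }
        Class<?> cls = super.resolveClass(desc);
        // The check the article describes as missing: the class named in the
        // stream must actually implement Serializable.
        if (!Serializable.class.isAssignableFrom(cls)) {
            throw new InvalidClassException(desc.getName(), "class is not Serializable");
        }
        return cls;
    }

    // Builds constructed sample input by serializing a value in memory.
    static byte[] serialize(Serializable value) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(value);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Integer's descriptor chain includes its superclass Number.
        Set<String> allowList = Set.of("java.lang.Integer", "java.lang.Number");
        byte[] expected = serialize(Integer.valueOf(42));
        byte[] unexpected = serialize(new java.util.Date(0));
        try (ObjectInputStream in = new CheckedObjectInputStream(
                new ByteArrayInputStream(expected), allowList)) {
            System.out.println("accepted: " + in.readObject());
        }
        try (ObjectInputStream in = new CheckedObjectInputStream(
                new ByteArrayInputStream(unexpected), allowList)) {
            in.readObject();
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because `resolveClass` runs for each class descriptor in the stream before any instance is created, a descriptor that fails either check stops deserialization before object state is populated.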

The researcher notified Google about this vulnerability earlier this year, and the Android team fixed it in Android 5.0 Lollipop.


Android Privilege Escalation Vulnerability

By default, Android apps communicate with system_service, which runs with admin privileges. They transfer data as arraymaps containing serialized data, and through this path any Android app can take control of system_service by injecting malicious code. Jann Horn wrote about this vulnerability on seclists, giving complete detail on how the privilege escalation attack works on devices running versions earlier than Android 5.0 Lollipop.

Google released the Lollipop source recently, and manufacturers have already started preparing updates for their existing flagship devices and a few other models in each brand. It naturally takes a while for updates to reach those devices. HTC set a 90-day window for releasing its Android 5.0 Lollipop update and announced the list of devices eligible for it. Developers are working day and night to release Lollipop updates and fix bugs.

Android 5.0 Lollipop also currently faces compatibility problems: users who received the upgrade on Motorola Moto series phones are advising others not to upgrade immediately, because they are seeing applications break and crash frequently. There are also reports that the Lollipop update slows devices down; Google should address these stability and performance issues in the next update.


via TheHackerNews

About the Author: Robin C

Security Consultant, Engineer, Technology Enthusiast and Blogger.
