A Serious Vulnerability in the Linux Kernel Hits Millions of PCs, Servers and Android Devices

A Serious Vulnerability in the Linux Kernel Hits Millions of PCs, Servers and Android Devices

Windows 10 going to add Ubuntu’s bash and Linux command line and lots more in next update
Do you know why real hackers prefer Linux distro over other OS
Basic Ubuntu commands and Terminal shortcuts every beginner must know

A new, previously undiscovered serious vulnerability in the Linux kernel could have allowed an attacker  to take full control over Linux-based PCs, servers, Android phones and other embedded devices.

The vulnerability, tracked as CVE-2016-0728, was found and reported to the Linux kernel security team and several Linux distribution maintainers by researchers from an Israeli threat defense start-up called Perception Point.

Also Read : PlayStation 4 Hacked to Run Linux

Serious Flaw in Linux Kernel

The flaw, said to date back to 2012, affects Linux kernel versions 3.8 and higher, which extends to devices running Android KitKat 4.4 and higher. The vulnerability is in the keyring facility, baked into the core of the Linux software. If exploited, an attacker would be able to execute code on the Linux kernel, and extract cached security data, which can include in some cases encryption and authentication keys.

In short, the flaw allows an attacker to gain root level privileges by running a piece of malware on an affected device. With that elevation of privileges the attacker could then take complete control of a device and its data.

Also Read : Pictures of Female Facebook Users in India Being Used to Promote Porn Sites

Perception Point is not aware of any attack exploiting this vulnerability in the wild, but the company believes that computers emergency response teams and larger security vendors might be in a better position to discover if such attacks have happened.

Linux distributions will release security patches for this vulnerability this week, so users should update their Linux kernel as soon as possible. However, some systems will likely remain vulnerable for some time to come, if not indefinitely.

Also Read : Ransom32 is First JavaScript-Based Ransomware Affecting Windows, Mac and Linux