Every Android device potentially vulnerable to "most serious" Linux escalation attack, ever

Originally published at: http://boingboing.net/2016/10/25/every-android-device-potential.html


With steaks this high, black hats are sure to milk this one for a while.


If this is really that easy, why is obtaining root capability such shit on newer phones?

Hell, I have an LG G3 (the newer version) and there is no working way to obtain root permanently. But maybe this is nothing more than an exploit in memory similar to the way KingRoot works (which you lose on reboot).


Privilege escalation means that a process or person that has already been granted the ability to do something (like, say, read a file, or send a signal) can increase what it is possible for that process or person to do. So you think you only gave the app the ability to read your location, and you didn’t give it the ability to text people without your knowledge, but privilege escalation lets the app take the abilities you did not grant it.

As Cory pointed out, privilege escalation is great for escaping vendor chicanery; it lets you take control of your own devices. And if you practice good computer hygiene (which, unfortunately, nobody does except professionals and paranoids) it’s not going to harm you.

Privilege escalation is very different from a remote code execution attack. Remote code execution attacks can nail professionally paranoid people, too, and are pretty universally bad; there is no upside for the end users.

I have already patched all my devices and servers.


I see what you did there.


This is a serious security ecosystem problem.


While it’s certainly a real exploit, I don’t really understand why people are making a big fuss about it (other than the silly name).

Local root exploits are pretty common, and basically every one of those “one click turbo root++ extreme!” packages people like so much is based on exploiting one of them. I mean, it’s been the standard case in Android land for a while that people get kind of grumpy when all the known local root exploits are fixed and their favorite one-click-root-for-dummies tool stops working.

All the decent phones (by definition :slight_smile:) have unlocked bootloaders of course, but a lot of people prefer to just use a local root exploit with the stock OS. I think the flaw in this way of doing things is obvious, but it does seem a little odd to make such a big deal over a new exploit.


I don’t know what your beef is, the threat is udderly credible.


Trying to check if the distro I’m using has been patched!

I like a lot of flavours of Linux, sticking with Zorin and Mint for now with W7 in a VM.

FYI. The City of Vicenza, Italy is launching a pilot program which aims to migrate the municipality’s computers from Microsoft Windows to Zorin OS.

Interestingly, it seems the idea was picked up from a school in the city installing Linux rather than upgrading their equipment.

I wonder how many are doing this? It must save a lot of money for councils going down this path and would run on their 700 workstations.


Usually you can just google the distro name and the CVE number (CVE-2016-5195). The latest Mint kernel is patched.
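A first pass at that check can be scripted. The snippet below is an added example, not code from the thread or from any distro: it takes a kernel release string (what `uname -r` prints), strips the distro suffix, and compares the remaining upstream version against the first stable releases that shipped the CVE-2016-5195 fix (4.8.3, 4.7.9 and 4.4.26, all released 2016-10-20). A version that predates those is not proof of vulnerability, because distro kernels backport fixes without bumping the upstream version, so the script reports "needs-backport-check" rather than "vulnerable" and, as a Debian/Ubuntu-specific second step, greps the installed kernel package's changelog for the CVE number (the changelog path is assumed, not taken from the page). Older branches such as 3.x get "unknown-branch" because their fix releases are not encoded here.

```shell
#!/bin/sh
# Added example: classify a kernel version string with respect to the
# CVE-2016-5195 (Dirty COW) fix. Assumptions: the fix first shipped in
# stable releases 4.8.3, 4.7.9 and 4.4.26; anything 4.8.3 or newer is fixed.

# version_ge A B: succeed (return 0) if dotted numeric version A >= B.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a='' ;; esac
        case $b in *.*) b=${b#*.} ;; *) b='' ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# dirtycow_status RELEASE: print one of
#   fixed                - upstream version is at or past the fix release
#   needs-backport-check - upstream version predates the fix; only a distro
#                          backport can have patched it, so check the changelog
#   unknown-branch       - branch whose fix release this script does not know
dirtycow_status() {
    # "4.8.0-26-generic" -> "4.8.0"; "3.10.0-327.el7.x86_64" -> "3.10.0"
    base=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    if version_ge "$base" 4.8.3; then echo fixed; return 0; fi
    case $base in
        4.8|4.8.*) fixed=4.8.3 ;;
        4.7|4.7.*) fixed=4.7.9 ;;
        4.4|4.4.*) fixed=4.4.26 ;;
        *) echo unknown-branch; return 0 ;;
    esac
    if version_ge "$base" "$fixed"; then echo fixed; else echo needs-backport-check; fi
}

# changelog_mentions_cve RELEASE: Debian/Ubuntu only (assumed path). Succeeds
# if the installed kernel package's changelog names the CVE, which is the
# evidence a backported fix leaves behind.
changelog_mentions_cve() {
    f="/usr/share/doc/linux-image-$1/changelog.Debian.gz"
    if [ -r "$f" ]; then
        zgrep -q 'CVE-2016-5195' "$f"
    else
        return 1
    fi
}

# Report on the running kernel; every step is guarded so this never aborts.
report_running_kernel() {
    rel=$(uname -r)
    status=$(dirtycow_status "$rel")
    echo "kernel $rel: $status"
    if [ "$status" = needs-backport-check ]; then
        if changelog_mentions_cve "$rel"; then
            echo "  package changelog mentions CVE-2016-5195: backported fix present"
        else
            echo "  no changelog evidence found; check your distro's advisory"
        fi
    fi
}

report_running_kernel
```

The version compare only says something definite in one direction: at or past the fix release means patched, before it means "ask the distro". The changelog grep covers the Ubuntu/Debian case from the thread; for other distros the equivalent is the package's advisory or `rpm -q --changelog`.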


Ta! Checked Mint, it’s Zorin I need to check.

Trying to get on their forum but it says the e-mail address I use is already in use so I must be a member already, but I have no recollection of joining.

Never had any problems with it, so over the five years or so of using it I must have forgotten, I guess, and have never bothered going on it?

Yeh, all OK running Ubuntu 4.8.0-26.28 and might do a re-install and try out Z12 beta.


Oo, bad idea.


CVE-2016-5195 is going to be fun with embedded systems (a.k.a. IoT for the youngin’s), considering there will be a lot of unpatched devices for years to come.


High see what you did there! - High I see what you did there

< who are you callin' "dirty"? >
        \   ^__^
         \  (--)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

