06-17-2014 12:42 PM
by Brian Donohue June 17, 2014
A recently disclosed vulnerability in version 3.14.5 of the Linux kernel is also present in most versions of Android and could give attackers the ability to acquire root access on affected devices.
Researchers at Lacoon Mobile Security are calling the bug “TowelRoot,” because it is the very same vulnerability (CVE-2014-3153) exploited in the latest Android rooting tool developed by George Hotz (Geohot). Successful exploitation of the Linux bug within the Android operating system would give the attacker administrative access to a victim’s phone. Specifically, such access could potentially allow that same attacker to run further malicious code, retrieve files and device data, bypass third-party or enterprise security applications including containers like Samsung’s secure Knox sub-operating system, and establish backdoors for future access on victim devices.