Linux zero-day affects most Androids, millions of Linux PCs

A new zero-day vulnerability has been discovered that allows Android or Linux applications to escalate privileges and gain root access, according to a report released this morning by Perception Point.

"This affects all Android phones KitKat and higher," said Yevgeny Pats, co-founder and CEO at security vendor Perception Point.

Any machine with Linux Kernel 3.8 or higher is vulnerable, he said, including tens of millions of Linux PCs and servers, both 32-bit and 64-bit. Although Linux lags in popularity on the desktop, the operating system dominates the Internet, mobile, embedded systems and the Internet of Things, and powers nearly all of the world's supercomputers.

This thread title and article insert come directly from the web site

The great thing about this is that millions of people who have never heard of Linux will hear about it. The bad thing is that people may not make the switch to Linux anymore, because they may see it as insecure.

I will watch the news tonight and see if they talk about it.

At least SELinux is capable of mitigating the eminent risk on Android which likely wont get patches...

I am sitting on coals though cause of my many linux machines... hope distros come out with patches very soon.

I doubt that, there were and there will be 0-days in Linux as in any other software, and they all mostly go unnoticed.

I run Android and Linux. Oh man..

Hope it will get patched soon!

Hmm.. Wonder how long before fix will be implemented to Arch.. TO THE FORUMS!

knowing arch by the time you get there a patch will have been submitted by someone for review

I look at it as Karma, really. for every single Linux user who likes to think they are better than everyone else cause they use an Open source platform. "OUR PLATFORM IS SECURE CAUSE IT'S OPEN SOURCE!!!" yeah. keep talking.

Problem with that is, Android devices rarely get updates.. you're only really ever secure if you own a Nexus device, cause updates come straight from google. so no need to wait for carriers to bring updates. which they never really do anyways.

Hey now... I got objective data, confirming that, indeed, Arch is best.

Sources:
https://bbs.archlinux.org/viewtopic.php?id=12926
https://wiki.archlinux.org/index.php/Arch_is_the_best

pretty ironic considering I used Manjaro for like 4 months, and is based on arch lol

How is that ironic? Don't mean to disrespects you. I just don't see it..

I've pretty much accepted the fact that any "computer" I use is vulnerable to something, so I don't worry about news like this.

I said that the Zero day effecting Linux is karma because of all Linux users who feel they are superior to others cause they use the Open source platform, but at the same time I used Manjaro which is based on arch, and there's alot of closed minded people out there that feel like Arch is the greatest thing to ever hit the earth.

I was making a comparison to the superiority complex some Linux users have to My preferred Linux distro of choice which is manjaro which also a lot of people who use anything arch related feel they are better than everyone else.

Ah! ^^
Just me being a bit slow. That is actually somewhat amusing :)

yeah i was referring to the arch thing. they are usually very fast with kernels updates. android is royally fucked

People are already complaining that it's not yet fixed and rolled out, over at the arch security IRC. Literally hours after it was published ^^

Spoiled much? :D

somehow i feel like i've seen this keyring exploit before.

Sour Grape much?

This has already been fixed and patches will roll out soon. That is why Open Source is more Secure because bugs are caught quickly. Unlike in closed source where problems fester.

App Armor and SELinux (what almost all versions of Linux have) mitigates this.

kinda sad actually :( had high hopes that arch would be all over having it done lol

Here's the original (and much better) article. Basically explains how to patch it in source, if you're brave enough.
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/