Critical vulnerabilities on Android allows you to unlock the root privileges: Incoming fix

Software that allows you to unlock root permissions of an Android smartphone, and then obtain full control, uses a longstanding vulnerability still not correct Linux kernel on Android. The bug was in fact placed on Linux to April 2014 but has not been marked as vulnerable until February 2015. The community began to differentiate it with the identifier CVE-2015-1805, but despite this, the fix was not built on Android, the mobile OS based on Linux known.

It was last February 19 that a group of researchers known as c0re Team has made this Google that exploits the vulnerability of Android could be delivered to the user and, above all, for an attacker can gain root privileges inside the device. Google promptly answered the call of the security team starting to work on a patch whose release is planned for an upcoming monthly updates.

On 15 March, another computer security company, Zimperium, had notified Google that the vulnerability had been actively exploited to ensure root permissions on your Android device. Although this is a feature often required by the most demanding users, "rootare" a smartphone or a tablet translates parallel in removing certain security restrictions, granting third-party apps to have full control on the same device.

The release of root permissions is a widely sought after by the so-called practical enthusiast users to have maximum control over your smartphone, but at the same time it is a usable freedom even from malicious software to take root in the operating system and strike extremely sensitive system files . Precisely why Google does not officially condone and will not allow the publication of app to perform the procedure within the Google Play store.

"Google has confirmed the existence of an app rooting publicly available abusing this vulnerability on Nexus 5 and Nexus 6 to provide the user with root privileges," he wrote the company publicly within a safety note released recently. Although the software itself is not marked as malicious, there is a serious risk of infection for the above devices. An attacker can in fact take advantage of the bug to spread malware.

Google has already released a patch for this vulnerability to manufacturers of third-party devices and also published on the Android Open Source Project (AOSP) for versions 3.4, 3.10, 3.14 Android kernel, while the version 3.18 onwards, the vulnerability is not this. The company has already planned to include the fixes in security updates for Nexus devices of next April. Until then the company recommends users to download applications only from Google Play and keep the current setting Verify Apps. The devices marked with a security patch level of the March 18, 2016 or later are already protected.