According to new reports, Google is looking into a zero-day Linux bug but denies its effect on Android.
Earlier this week, a zero-day vulnerability in the Linux kernel was disclosed by security firm Perception Point. Perception Point’s research team found that the bug, dubbed CVE-2016-0728, has existed since 2012, but the team only recently discovered the flaw in Linux kernel version 3.8 and reported it to the Kernel security team. According to Perception Point, the flaw "has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices", though it added that "neither us nor the Kernel security team have observed any exploit targeting this vulnerability in the wild." Red Hat also announced CVE-2016-0728 this week.
Google was quick with a response to the newly disclosed Linux bug. On Wednesday, Google fired back saying, "We have prepared a patch, which has been released to open source and provided to partners today. This patch will be required on all devices with a security patch level of March 1 2016 or greater." Google was not pleased with how this vulnerability was handled, adding, "In addition, since this issue was released without prior notice to the Android Security Team, we are now investigating the claims made about the significance of this issue to the Android ecosystem. We believe that the number of Android devices affected is significantly smaller than initially reported." Google claims that Android 5.0 and all Nexus devices are entirely safe from this bug and that many devices running Android 4.4 and earlier do not contain the vulnerable code. Android users should expect to see a fix pushed out to their devices soon.