
Google issues unplanned security advisory for Android

Google will soon issue a critical Android patch, supplementing one already issued earlier in March, to address a rooting application that affects all unpatched Android devices on kernel versions 3.4, 3.10 and 3.14, including all Nexus devices.

The unplanned patch (2016-03-18) addresses a known issue in the upstream Linux kernel, an unpatched local elevation of privilege vulnerability (CVE-2015-1805), according to Android's advisories site.

A user would have to load the app, and Google said that Verify Apps already blocks installation of rooting applications that use this vulnerability, both within Google Play and outside of Google Play. The company claimed it has also updated its systems to detect applications that use this specific vulnerability.

However, to offer a "final layer of defense for this issue," it stated that Nexus updates are being created and will be released within a few days. "Source code patches for this issue have been released to the Android Open Source Project (AOSP) repository," the company wrote.
