Thursday, August 18, 2016

Faille in the heart of Linux, 1.4 billion affected Andoid devices – ZDNet France

A vulnerability has been detected in the heart of Android, ie in the core (or kernel) of the mobile operating system. The flaw was introduced by security researchers during the USENIX Conference 2016. It affects Linux, and by extension Android. The risk is described as medium.

This is poor management of TCP connections that allows hackers to inject data in unencrypted connections. What make an attack. The flaw affects the latest version of TCP, called RFC 5961, implemented in the Linux kernel since version 3.6. Note that this flaw of TCP neither Windows key, or Mac OS X.

Side usage, the flaw allows whether two computers communicate (provided that the attacker knows the IP addresses of machines) , or to interrupt connections. If communications are not encrypted, the flaw allows to inject data.



1.4 billion terminal would be vulnerable

smartphones running Android are also victims of this flaw. The Lookout publisher estimates that more than 1.4 billion devices would be vulnerable to an attack like this, slightly less than 80% of devices running Android Park

If even the last Android developer version of Google Nougat is affected, this vulnerability of the confession specialists, is not easy to exploit. Above all, a patch was manufactured and should be released soon. Meanwhile, Lookout does not recommend surfing with your Android mobile device on sites that are not encrypted HTTPS.
 



To go further on the subject

LikeTweet

No comments:

Post a Comment