A zero-day bug in version 3.8 of Linux can potentially affect millions of Linux computers and servers as well as 66 percent of Android devices.
Perception Point, a small Israeli start-up, discovered the bug and is working on an exploit to get around Security-Enhanced Linus (SELinux) as, “the most important thing for now is to patch it as soon as you can.”
Despite the discovery, Android's security chief Adrian Ludwig disagreed with the start-up's claims. “In addition, since this issue was released without prior notice to the Android Security Team, we are now investigating the claims made about the significance of this issue to the Android ecosystem. We believe that the number of Android devices affected is significantly smaller than initially reported,” Ludwig said in a Google Plus post.
Ludwig said many devices running Android 4.4 KitKat and under are not affected since Linux 3.8 isn't common on older devices. Android devices with Android 5.0 and up do have the vulnerability, but they are protected since SELinux “prevents third-party applications from reaching the affected code” on those versions of Android.
In March, a security patch from Google will be released to open source and partners. Google Nexus devices will receive an automatic update over the air, however non-Google device users must wait for vendors and carriers to issue the fix—meaning most Androids could remain unsecure for a while.