Nexus 5 and 6 Get Android Exploit Mid-March Fix

If you have a Nexus 5 or a Nexus 6 and have rooted it, depending on the app you used, your phone could be vulnerable to an elevated privledges in the Linux kernel of Android and the Google team have released a patch to address the issue.  To be very clear folks, this only impacts you if you have a rooted device and used a particular rooting tool to make it happen.  In the security bulletin on the subject, Google does not release the exact name of the tool that creates the problem but has been able to repeat the issue on these two devices – thus the update.

Within the bulletin, the Android team is forthcoming in that they have known about this exploit since 2014 but it wasn’t until March of this year that it was reported as having been exploited.  Once that happen, the team quickly moved to release this patch which will come as an OTA update to users.

This is a known issue in the upstream Linux kernel that was fixed in April 2014 but wasn’t called out as a security fix and assigned CVE-2015-1805 until February 2, 2015. On February 19, 2016, C0RE Team notified Google that the issue could be exploited on Android and a patch was developed to be included in an upcoming regularly scheduled monthly update.

Android Marshmallow Icon Screen
Android Marshmallow

On March 15, 2016 Google received a report from Zimperium that this vulnerability had been abused on a Nexus 5 device. Google has confirmed the existence of a publicly available rooting application that abuses this vulnerability on Nexus 5 and Nexus 6 to provide the device user with root privileges.

This issue is rated as a Critical severity issue due to the possibility of a local privilege escalation and arbitrary code execution leading to local permanent device compromise.

If you have not rooted your Nexus 5 or Nexus 6, again, you are not vulnerable as the process of approving apps within the Google Play Store prevents such elevations to happen.  If you have rooted on of these devices and are running Linux kernel lower than 3.18 then you are potentially vulnerable.  If your device is running Marshmallow, good news, you are running kernel 3.18.x and are not vulnerable.