Google’s monthly security updates will see an additional rollout this month, after Google noted an exploit had been used on a Nexus 5.
The vulnerability – specifically CVE-2015-1805 – was being used by a rooting app, which used a previously reported exploit to gain local elevation of privilege. The vulnerability was scheduled to be patched as part of Google’s regularly scheduled monthly update, but once security researchers at Zimperium showed the exploit had been abused on a Nexus 5, and Google further found it could be used on a Nexus 6, Google moved forward with the mid-month patch.
Google has patched the exploit in AOSP, and shared the patch with partners who can roll the fix out as part of their own update schedule, to unpatched devices running kernel versions 3.4, 3.10 and 3.14, which includes all Nexus devices. Google specifically states that Android devices running Linux kernel 3.18 and above – which includes the newly released Galaxy S7 – are not affected.
The rooting app, as are all apps of this nature, is specifically blocked in Google Play, and the Verify Apps function in Android already detects applications using this specific vulnerability, so it has to be installed specifically to be used.
The fix is available, and Google has advised that ‘Nexus updates are being created and will be released within a few days’.