
Researchers have disclosed a zero-day vulnerability in the Android operating system that gives a major boost to attackers who already have a toehold on an affected device.

The privilege-escalation flaw is located in the V4L2 driver, which Android and other Linux-based OSes use to capture real-time video. The vulnerability results from a "lack of validating the existence of an object prior to performing operations on the object," researchers with Trend Micro's Zero Day Initiative said in a blog post published Wednesday. Attackers who already have untrusted code running with low privileges on a device can exploit the bug to access privileged parts of the Android kernel. The severity score is rated a 7.8 out of a possible 10 points.

Modern OSes have become increasingly hard to compromise in recent years thanks to exploitation mitigations that prevent untrusted code from interacting with hard drives, kernels, and other sensitive resources. Hackers have responded by chaining two or more exploits together. A buffer overflow, for instance, may allow an attacker to load malicious code into memory, and a privilege-escalation flaw gives the code the privileges it needs to install a persistent payload.

The net result of all of this: privilege-escalation bugs are increasingly valuable, as demonstrated by the so-called Dirty Cow vulnerability discovered affecting Linux in 2016. Within days of being discovered, the privilege-escalation bug was being used to root Android devices. A year after coming to light, Dirty Cow was being exploited by malicious apps to bypass security protections built into Android.

"This vulnerability is similar to Dirty Cow in that it is in the core code of the kernel, so it would apply to all Android devices," Christoph Hebeisen, director of security intelligence at mobile security provider Lookout, told Ars. "However, an exploit based on this vulnerability would not be as elegant as Dirty Cow and probably not quite as reliable."

Based on the advisory, Hebeisen said it appears only apps or code that already have access to the V4L subsystem used by an attached camera could exploit the flaw. Dirty Cow, by contrast, resided in a core memo