I've been reading snippets about the latest Android vulnerability here and there, but have never fully understood it—that is until yesterday, when Android Central's Jerry Hildenbrand posted his excellent breakdown of CONFIG_KEYS
to that site.
The attack vector was recently discovered by a security company called Perception Point
. It's an issue not with Android itself but with the Linux kernel that lies underneath, potentially affecting up to 66% of all Android devices along with tens of millions
of Linux-powered PCs and servers.
Sounds scary, right? Fortunately, like Stagefright
, the only successful attacks using this exploit have been carried out in security research firm labs, and the aggregate risk to Android users is low.