Google insists Linux bug is not a major threat
Earlier this week, news broke that an exploitable bug in the Linux kernel made vulnerable tens of millions of Linux machines and up to 66% of all Android devices. Some understandably-raised eyebrows rippled through the tech world, and comments and forums foamed with argument regarding how serious this threat really was. Now, Google has announced via a Google+ post that far fewer Android devices are affected by this issue than were previously reported.
In contrast to Perception Point’s report, Google claims that all Android 5.0 Lollipop devices, including the entire Nexus line, have an extra layer of security called SELinux that would render any exploits of this bug useless. What’s more, most devices running Android 4.4 and earlier use code older than Linux kernel 3.8, meaning they do not contain the bug. This makes the list of affected devices markedly slimmer than the previously reported 66%.See also: Linux bug renders vulnerable 66% of all Android devices
Nevertheless, Google has created a patch for the bug and is mandating that it be pushed out to all devices no later than March 1, 2016. The company also expressed some mild irritation that the Android Security Team was not informed of the bug prior to the information going public. Caught flat-footed, the team had to scramble to analyze how widely this bug really impacted the Android ecosystem while simultaneously creating solutions to be implemented on affected devices.
The general response to this proclamation is an outbreath of held-in air, but some commenters are still expressing concern. What are your thoughts regarding this Linux bug and the drama surrounding its announcement? Is Google downplaying the threat? Is Perception Point exaggerating the scale of this vulnerability? Let us know your thoughts in the comments below!