
CVE-2016-5696 Linux flaw leaves 1.4 billion Android devices vulnerable to hacking


Experts from Lookout revealed that all Android versions running Linux kernel 3.6 through the latest release are affected by the CVE-2016-5696 Linux flaw.

Recently I wrote about a severe vulnerability (CVE-2016-5696) affecting Linux kernel version 3.6, released in 2012. The flaw was discovered by researchers from the University of California, Riverside, and the U.S. Army Research Laboratory, who presented their findings at the USENIX Security 2016 conference.

The TCP/IP networking flaw lets attackers detect that two entities are communicating and, if the exchange is not encrypted, hijack the traffic and manipulate it.

The attack is not considered a man-in-the-middle attack: the attackers only need to send spoofed packets to both sides of the connection, which requires nothing more than knowing their IP addresses and destination ports.

Linux design flaw attack

According to the experts at Lookout, the Linux vulnerability affects 80% of Android devices. It appears to have been introduced in Android version 4.4 (also called KitKat) and is still present in current versions.

“Lookout recently discovered a serious exploit in TCP reported this week also impacts nearly 80% of Android, or around 1.4 billion devices, based on an install base reported by Statista. The vulnerability lets attackers obtain unencrypted traffic and degrade encrypted traffic to spy on victims,” Lookout reported in a blog post.

The Linux vulnerability could be exploited by attackers to hijack traffic, inject malware into downloads and web pages, and run a wide range of attacks.

In a classic attack scenario, hackers can inject malicious JavaScript into unencrypted network traffic to display a message that falsely claims the user has been logged out of their account and asks them to provide their login credentials.

A patch for the Linux kernel has been available since July 11, 2016, but a check of the latest developer preview of Android Nougat shows that the Google OS is still affected by the flaw.

A Google spokesman confirmed that the company is already working on the issue by “taking the appropriate actions.” The Google representative highlighted that the Android security team rates the risk only as “moderate.”
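A defender's triage check for the exposure window described above (kernel 3.6 onward, patch available since July 11, 2016), as an added example that is not part of the original article. It assumes, from the upstream kernel rather than from this page, that the flaw depends on the sysctl `net.ipv4.tcp_challenge_ack_limit`, whose unpatched default is 100 and patched default is 1000; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): triage a Linux host for CVE-2016-5696.
# Assumptions: the off-path attack relies on the global challenge-ACK rate
# limit (sysctl net.ipv4.tcp_challenge_ack_limit); unpatched kernels default
# it to 100, and the upstream fix raised the default to 1000 and randomized it.

# kernel_at_least_3_6 RELEASE: 0 if >= 3.6, 1 if older, 2 if unparseable.
kernel_at_least_3_6() {
    rel=${1%%[-+]*}                    # 3.10.0-327.el7 -> 3.10.0
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}; rest=${rel#*.}; minor=${rest%%.*}
    case "$major" in ""|*[!0-9]*) return 2 ;; esac
    case "$minor" in ""|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 6 ]; }
}

# classify RELEASE LIMIT: prints a triage verdict. LIMIT is the sysctl value,
# or empty when the sysctl file is missing. A verdict is a pointer for patch
# review, not proof: vendors backport fixes without changing the version.
classify() {
    rc=0
    kernel_at_least_3_6 "$1" || rc=$?
    if [ "$rc" -eq 1 ]; then echo "not-affected"; return 0; fi  # predates 3.6
    if [ "$rc" -eq 2 ]; then echo "unknown"; return 0; fi
    case "$2" in
        ""|*[!0-9]*) echo "unknown" ;;
        *)  if [ "$2" -le 100 ]; then echo "exposed"   # unpatched default or lower
            else echo "limit-raised"; fi ;;            # patched default or admin-set
    esac
}

# Check the local host by passing "check" as the first argument.
if [ "${1:-}" = "check" ]; then
    f=/proc/sys/net/ipv4/tcp_challenge_ack_limit
    limit=""
    if [ -r "$f" ]; then limit=$(cat "$f"); fi
    echo "$(uname -r) limit=${limit:-n/a} -> $(classify "$(uname -r)" "$limit")"
fi
```

On hosts that report `exposed` and cannot take a patched kernel yet, raising that sysctl to a very large value was the interim mitigation distributions published at the time.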

Stay Tuned.


Pierluigi Paganini

(Security Affairs – Linux CVE-2016-5696 flaw, Traffic Hijacking)