Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn
Security researchers with the Zero Day Initiative (ZDI) are warning that Google has failed to include a high-severity privilege escalation vulnerability in the collection of security patches it released for the Android platform this week. The bug affects the v4l2 (Video4Linux 2) driver used in Android devices.
ZDI disclosed the flaw to Google in March of this year. And while Google confirmed that it would fix the vulnerability, it did not indicate when this would happen. Since the flaw remains unfixed, ZDI has now decided to warn users about the issue. The researchers say that “given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service,” which “could be accomplished in a number of ways, most notably with firewall rules/whitelisting.”