HITB2016AMS

A Look at Linux, Android Zero-Days and the Perils of Patches

http://www.eweek.com/imagesvr_ce/3547/290_AndroidSecurity.jpg

A zero-day vulnerability is reported against Linux and Android, but the real risk lies in known issues that users have not yet patched.

Some vulnerabilities have a bigger impact that others, and not every flaw that a researcher claims is critical represents an immediate risk to users.

Case in point: security firm Perception Point's recent disclosure of the CVE-2016-0728 vulnerability. Perception Point alleges that the zero-day flaw exposes tens of millions of Linux devices, including Android phones to the risk of exploitation. As it turns out, the risk is not quite as pronounced as indicated, and there are significantly more pressing security issues that Android users should likely be concerned about.