Bug in Linux kernel reportedly leaves 66% of Android devices vulnerable; Google responds

A new zero-day vulnerability has been found in the Linux kernel used by Android. The discovery, made by the Perception Point Research team, reveals a flaw that has been around since 2012, and could affect as many as 66% of current Android phones and tablets. The good news is that the security researchers have not found that any attempts have been made to exploit the vulnerability. Still, the research team says that the flaw needs to patched immediately.

According to a second report published today, this particular flaw can actually allow a malicious app to "breakout" of a secure sandbox and take control of some Android functions. The report added that the flaw could cause certain apps to take over the camera, microphone, GPS location and personal data. The flaw was reportedly introduced to Linux kernel 3.8 in early 2013.

Google responded this afternoon by saying that its own researchers do not believe that Android devices are vulnerable to exploits by third party apps. The company added that the number of Android devices that are at risk is "significantly smaller than initially reported." Despite Google's unworried response to the initial report, it still plans to issue a patch in March.

source: PerceptionPoint via ArsTechnica