Release Android 9 department formally to unite many lunar hind in Gu Ge merely, on September 20, safe Pan Duo pulls a lab to release its Linux system to exist again in A the name is region of WrongZone (different) serious kernel flaw, be like personnel be yielded by black ash to master, can finish Root to carry power directly, the top limits of authority that acquires a system controls a mobile phone.
This is meant, the Root limits of authority with mobile phone top system can be produced by black ash gang palm accuses, so that the information such as all account password on equipment, can be held to accuse by filch, "The mobile phone installing eminent of on market 90% is put in this one hidden trouble, we are complete already the Root that realized machine of admiral of much money mainstream " , safe Pan Duo pulls group of laboratory security researcher to accuse to say to express in A, the platform that install eminent already very long did not appear such large-scale kill model serious flaw.
Nearly two years, the form that the safe water level of Android operating system shows exponential level is climbed ceaselessly litre, in the Android 9 that Gu Ge released in August 2018, shed integrality CFI(Control Flow Integrity) to defend to guarded process and kernel to introduce control partly mechanism, can defy put sb in a very important position of code of commonly used ROP/JOP/COOP uses skill directly.
"Linux kernel has crossed time burnish several years, the common logistic analysis that checks method and low administrative levels can hit analytic safe problem already repair. " the group accuses to say, but neither one system is apple-pie, of indestructible, analyse to kernel know sth like the palm of one's hand and deepness only, just discover a problem likely.
The plan says: Of Android 9 Preview carry authority to demonstrate an intention
? He also introduces, although Linux kernel can explode every year,give a few flaw, but the majority can not affect the system that install eminent. And, rare flaw can affect version of many kernels masterstroke, the loophole that can be used at Root to get top limits of authority is more rare.
Safe Pan Duo pulls a lab to be in early in this A of Android 9 preview edition already finished Root to carry power, be in test and verify of many brands admiral mobile phone the effectiveness of attack.
The reporter notices, mere two days ago (on September 18) , after safe Pan Duo pulls a lab to release IOS 12 system several hours in the apple in A, announce to realize perfect escape from prison, express to won't issue order of escape from prison external, this action studies to do safety only, so that promote whole system security better,zoology develops.
Inside nearly two years, this lab adds up to the safe flaw that reported about a hundred to cover IOS and Android system, had obtained Apple, Google and China make public express one's thanks to to wait for a manufacturer.
"Since safe Pan Duo pulls a lab to hold water oneself in A with respect to focusing at mobile and safe domain, the charge that includes pair of IOS and Android system security and defense technology study. " check room chief says safe Panduolashi in A, endanger this in view of flaw bigger, lab member already reported afore-mentioned flaw Google and Linux kernel community, the least information gives direct and synchronous flaw firm of domestic share mobile phone advance repair, suggest average user should maintain a system to update, avoid sealed applying to download installation as far as possible.
