Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. The recent discovery of a Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability (CVE-2013-2094) in the Performance Counters for Linux (PCL)—currently being exploited on various platforms—has now been modified to work on the Android operating system.
For anyone unfamiliar with the Android operating system, it is based off the open source Linux operating system. This means that many of the discovered Linux kernel based vulnerabilities have the possibility of being exploited in Android devices. However, with different Android devices using different versions of the Linux kernel, only certain devices may be affected by a particular exploit.
Privilege escalation exploits are particularly dangerous as they can allow cybercriminals to gain complete control over the compromised device. The Android operating system normally sandboxes every application so they cannot perform sensitive system operations or interfere with other installed applications. In the past, we have seen malware use privilege escalation exploits to access data from other applications, prevent uninstall, hide themselves, and also bypass the Android permissions model to enable behaviors such as sending premium SMS messages without user authorization.
As we noted in a 2011 blog on Android.Rootcager, privilege escalation exploits are quickly incorporated into malware, so we expect to see Android malware incorporating this new privilege escalation exploit before too long.
Symantec will continue to monitor the threat landscape for the use of any exploits. Until a patch is made available for all Android devices affected by this exploit, and to avoid becoming a victim of malicious applications, we recommend that you only use reputable marketplaces for downloading and installing applications.
If you suspect that your Android device has been compromised in any way, be sure to download the latest update to Norton Mobile Security and perform a full scan.