Geohot’s newly released app for rooting Android devices, Towelroot, leverages a Linux vulnerability in the futex subsystem. Identified as CVE-2014-3153, the security flaw affects the Linux kernel through 3.14.5 and allows administrator privilege through a FUTEX_REQUEUE command. Linux has been patched against this issue, but vulnerable versions are powering many Android devices on the market, and it is present on Android 4.4 (KitKat). Different Android devices have a different kernel, but so…
Comments are closed.
