Researchers have found that a Chinese chip manufacturer for low-cost Android tablets, set-top boxes, ARM-based PCs, and other devices has shipped a vulnerable Linux kernel in its latest product.
The operating system 3.4 legacy Linux kernel for H3/A83T/H8 produced by Allwinner, a Chinese system-on-a-chip company, apparently contains a serious vulnerability that can produce local privileges escalation. A backdoor. According to security researchers, the company’s ARM Linux kernel includes code, “rootmydevice”, that gives apps running on the device root.
According to Ambian, a company that makes Linux distros for prototyping and development boards, the vulnerability affects every OS image for H3, A83T or H8 devices that rely on Kernel 3.4. For example Orange Pi, a low-cost prototyping board, currently runs on H3.
Click here to read more ...