Monday, October 24, 2016

Do you have an Android phone? You might be vulnerable to Drammer (deterministic Rowhammer)



It is a DRAM-related vulnerability, and there is a partial fix for the flaw (CVE-2016-6728).


From the article:

The name Drammer is short for deterministic Rowhammer.

The vulnerability, dubbed Drammer, could give an attacker root access to millions of Android handsets including Nexus, Samsung, LG and Motorola.

The attack method employs an existing PC-based hack known as Rowhammer, a technique that targets rows of cells of memory in DRAM devices to induce cells to flip from one state to another.

“Drammer is the first Android root exploit that relies on no software vulnerability and is an instance of the Flip Feng Shui exploitation technique,” 

The Android Security team said it would issue a partial fix for the flaw (CVE-2016-6728) with its November security bulletin. However, researchers point out that although Google’s patch will make it much harder for an attacker to launch a Drammer attack, it does not eradicate it. “We hope to see a more sophisticated fix soon,” according to researchers.

For more details:
https://threatpost.com/rowhammer-vulnerability-comes-to-android/121480/
