Researchers have disclosed a zero-day vulnerability in the Android operating system that gives a major boost to attackers who already have a toe-hold on an affected device.
The privilege-escalation flaw is located in the V4L2 driver, which Android and other Linux-based OSes use to capture real-time video. The vulnerability results from a “lack of validating the existence of an object prior to performing operations on the object,” researchers with Trend Micro’s Zero Day Initiative said in a blog post published Wednesday.
