Last month, we became aware of a local privilege escalation vulnerability in the Linux kernel (CVE-2013-2094). According to experts, the exploit has already been modified to work on the Android operating system.
Symantec reports that it’s likely for this exploit to be incorporated into Android malware in the upcoming period, a trend that’s been observed with other privilege escalation exploits.
“In the past, we have seen malware use privilege escalation exploits to access data from other applications, prevent uninstall, hide themselves, and also bypass the Android permissions model to enable behaviors such as sending premium SMS messages without user authorization,” Symantec says.
Unfortunately, some time will probably pass until a patch is made available for the Android devices affected by this exploit.
That’s why users are advised to download Android apps only from trusted websites and check the permissions they request before installing them.