Ars Technica reported yesterday that every Nexus phone ever made, plus millions of others, are vulnerable to a newly-discovered exploit that can root your hardware and permanently compromise it. The vulnerability, identified as CVE-2015-1805, stems from the Linux kernel that powers Android. Linux developers patched it in 2014 but, for reasons unknown, it wasn’t fixed for Nexus until last Friday’s security update, and might still be a problem for other affected devices.
Does this mean you should immediately unroot your Nexus, or avoid the brand altogether? Nope. Not now, not ever. For me root remains the defining feature of Android; if I wanted a locked-down Internet appliance I’d buy an iPhone. Seriously.
Here’s XDA’s azrienoch explaining how, thanks to SuperSU, a rooted Android phone is actually more secure than an unrooted one:
There’s also the root apps and custom ROM features that eventually made their way to Android proper—from tethering and theming all the way to the runtime app permissions now standard in Android M. Of course, one thing you’re never likely to see in a stock Android ROM is an ad-blocker. For that, there’s AdAway. Problem solved.
As for CVE-2015-1805 I’m sure the next spin of my custom ROM will include Google’s patch for it; until then I’ll continue to enjoy an open mobile computer that’s mine to do with as I see fit.
Source: Ars Technica