Android November Security Update Doesn't Contain Fix for 'Dirty COW' Linux Flaw

Android November Security Update Doesn't Contain Fix for 'Dirty COW' Linux Flaw
Highlights
  • November security update fixes 15 critical vulnerabilities
  • Flaw was highlighted last month by Phil Oester
  • Doesn't leave any traces of exploitation behind
Advertisement

Last month, Linux security researcher Phil Oester discovered that a nine-year-old Linux kernel flaw (CVE-2016-5195) dubbed 'Dirty COW' is seeing active exploits in the wild. Google was expected to patch this flaw - after all, Android uses the Linux kernel - with its latest security update but as it turns out, the search giant has left out this dated flaw with its security update for November.

The November Android security update fixes 15 critical vulnerabilities associated with the platform, but surprisingly, this vulnerability discovered by Oester has still not found a fix. The extent of the danger posed by this vulnerability can be understood from the fact that Oester claims that on exploitation, it can give root access of a device to the attacker within five seconds.

"The exploit in the wild is trivial to execute, never fails and has probably been around for years - the version I obtained was compiled with gcc 4.8," Oester said last month. The bug was initially patched 11 years ago but the fix was later undone in another code commit.

Kaspersky Lab's Threatpost reports that while the main Android security update for the month of November did not contain a fix for the Dirty COW flaw, Google released a supplemental fix for Pixel and Nexus devices. It adds that Samsung also released a fix for its mobile devices. Google will introduce the Android-wide patch for Dirty COW in the December Android security update, the company told Threatpost.

As per the dedicated page for this flaw, exploitation of this bug doesn't leave any traces behind. This nature of the flaw makes it even more dangerous as the users will not be made aware even when their security has been compromised.

Further details about the latest Android security update can be found over here.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Sony Cyber-shot RX100 V Premium Compact Camera Launched at Rs. 79,990
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »