November 9, 2016

Android’s latest update doesn’t patch major security flaw

by John_A

The November Android security update is live and it fixes 15 critical vulnerabilities, but it doesn’t patch a major Linux kernel exploit that can give hackers quick and complete access to devices running Google’s OS. Researcher Phil Oester discovered the flaw (CVE-2016-5195) in October, though he believes it has existed since 2007. The exploit is known as “Dirty COW” because of its basis in copy-on-write systems (and maybe because that name is adorable).

With this month’s security update, Google did roll out a “supplemental” firmware fix for Dirty COW across Nexus and Pixel devices. Plus, Samsung released a patch for its devices this month, according to Threatpost. An official Android patch for the Dirty COW issue is expected to land in December.

Oester, the researcher who discovered the flaw, told V3 that it’s “trivial to execute, never fails and has probably been around for years.” Dirty COW is sophisticated, and Oester said he was only able to catch it because he had been “capturing all inbound HTTP traffic and was able to extract the exploit and test it out in a sandbox.”

“I would recommend this extra security measure to all admins,” Oester said.

Via: Threatpost, Ars Technica

Source: Android Security Bulletin
