BT

Your opinion matters! Please fill in the InfoQ Survey!

All Android Versions May Be Affected by Dirty COW Linux Vulnerability

| by Sergio De Simone Follow 5 Followers on Oct 26, 2016. Estimated reading time: 1 minute |

A note to our readers: As per your request we have developed a set of features that allow you to reduce the noise, while not losing sight of anything that is important. Get email and web notifications by choosing the topics you are interested in.

Recently disclosed Dirty COW Linux privilege escalation vulnerability is likely to affect all Android versions, say security researchers.

Security researcher David Manouchehri told Ars Technica that he has been able to gain persistent root access on five different Android devices that he used. He goes on to say that the vulnerability should be very easy to exploit for anyone familiar with the Android filesystem and that it should affect all Android versions right from 1.0. Manouchehri based its code on a proof-of-concept which is available on GitHub, but other security researchers are known to have developed an alternate way of rooting a device based on another publicly available exploit, according to Ars Technica.

Dirty COW has been present in the Linux kernel for several years, writes Linus Torvald in the comment to the patch that fixes it. He explains that the vulnerability was originally fixed by himself 11 years ago, but was reintroduced in 2005. Dirty COW owns its name to its being related to a race condition in how Linux “handled the copy-on-write breakage of private read-only memory mappings”.

According to Phil Oester, which uncovered the vulnerability, all Linux users should patch their systems as soon as possible as the vulnerability has been already exploited in the wild:

One of the sites I manage was compromised, and an exploit of this issue was uploaded and executed.

Since a fix for Dirty COW is already available, all Linux system can be easily patched. It is unclear, though, how quickly the fix will flow through the Android installed base. Indeed, even if Android is patched with the next security release, limitations set by manufacturers or lack of support by providers could make it impossible to deploy it widely on all devices.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT