Android's latest update doesn't patch major security flaw

According to Google's standard update schedule, a fix for the 'Dirty COW' exploit should arrive next month.
Jessica Conditt, @JessConditt
November 8, 2016

The November Android security update is live and it fixes 15 critical vulnerabilities, but it doesn't patch a major Linux kernel exploit that can give hackers quick and complete access to devices running on Google's OS. Researcher Phil Oester discovered the flaw (CVE-2016-5195) in October, though he believes it's existed since 2007. The exploit is known as "Dirty COW" because of its basis in copy-on-write systems (and maybe because that name is adorable).

With this month's security update, Google did roll out a "supplemental" firmware fix for Dirty COW across Nexus and Pixel devices. Plus, Samsung released a patch for its devices this month, according to Threatpost. An official Android patch for the Dirty COW issue is expected to land in December.

Oester, the researcher who discovered the flaw, told V3 that it's "trivial to execute, never fails and has probably been around for years." Dirty COW is sophisticated, and Oester said he was only able to catch it because he had been "capturing all inbound HTTP traffic and was able to extract the exploit and test it out in a sandbox."

"I would recommend this extra security measure to all admins," Oester said.
