- Oct 23, 2012
- 12,527
The so-called Dirty Cow flaw has been discovered and reported only last month, even though it's been present in some form in all Android devices since the release of the operating system.
However, there should have been enough time for Google to patch the rooting bug and provide the fix in the November security update that's just been released for Nexus and Pixel devices.
Unfortunately, Ars Technica reports that the November security patch does not contain a fix for the dreaded Dirty Cow flaw. For the non tech-savvies, the Dirty Cow bug is an escalation-of-privelege, which was added to the core of the Linux kernel back in 2007, which is why it affects all Android versions.
Since this a major exploit that hackers can take advantage of very easy, it's a big surprise that Google hasn't find the time to patch it. Apparently, the now well-known vulnerability is already being exploited maliciously against Linux server so that untrusted users can gain “root” privileges.
However, there should have been enough time for Google to patch the rooting bug and provide the fix in the November security update that's just been released for Nexus and Pixel devices.
Unfortunately, Ars Technica reports that the November security patch does not contain a fix for the dreaded Dirty Cow flaw. For the non tech-savvies, the Dirty Cow bug is an escalation-of-privelege, which was added to the core of the Linux kernel back in 2007, which is why it affects all Android versions.
Since this a major exploit that hackers can take advantage of very easy, it's a big surprise that Google hasn't find the time to patch it. Apparently, the now well-known vulnerability is already being exploited maliciously against Linux server so that untrusted users can gain “root” privileges.
The same exploit was used to unlock Verizon Pixel's bootloader
But Android fans are using the Dirty Cow bug to root their phones. In fact, the last smartphone that “benefited” from the exploit is the Verizon Pixel phone, which had its bootloader unlocked using this method.
Many thought that Google will patch the issue in the November security update and advised those with Verizon Pixel phones to wait a bit before updating if they want their bootloader to remain unlocked.
Well, it appears that half a month wasn't enough for Google to address the Dirty Cow rooting bug, as the search giant explains that the security patches are released a month after made available to manufacturers.
Basically, this means that the November security patch was ready about a month ago, but it's only been released recently. Here is hoping that the December update will contain a fix for this critical flaw.