Android's Latest Update Doesn't Patch Major Security Flaw 'Dirty COW' (engadget.com) 23

Posted by msmash on Wednesday November 09, 2016 @12:00PM from the no-relief dept.

The November Android security update is live and it fixes 15 critical vulnerabilities, but it doesn't patch a major Linux kernel exploit that can give hackers quick and complete access to devices running on Google's OS. From a report on Engadget: Researcher Phil Oester discovered the flaw (CVE-2016-5195) in October, though he believes it's existed since 2007. The exploit is known as "Dirty COW" because of its basis in copy-on-write systems (and maybe because that name is adorable). With this month's security update, Google did roll out a "supplemental" firmware fix for Dirty COW across Nexus and Pixel devices. Plus, Samsung released a patch for its devices this month, according to Threatpost. An official Android patch for the Dirty COW issue is expected to land in December.

Android's Latest Update Doesn't Patch Major Security Flaw 'Dirty COW'

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 23 Comments Log In/Create an Account

Comments Filter:

My Grandma asked if she should be worried. (Score:4, Insightful)

by Anonymous Coward writes: on Wednesday November 09, 2016 @12:13PM (#53246793)

I told her to root her phone, get the source code and fix it herself.
Problem solved.

- Re: (Score:2)
  
  by just another AC ( 2679463 ) writes:
  
  I told her to root her phone,
  In Australia when you use root as a verb it means to procreate. (yes this is a problem given how "gaining root access" is a more common discussion)
  I now cannot get that image out of my head. Thanks for ruining my day.
- Re: (Score:2)
  
  by antdude ( 79039 ) writes:
  
  What did she say and did she do it? :P
- Re: (Score:2)
  
  by Big Hairy Ian ( 1155547 ) writes:
  
  What's the point only about 1% of devices will actually get the patch
- - - Re: (Score:2)
      
      by Curtman ( 556920 ) * writes:
      
      For sure, we've all been there on the access Hollywood bus and said ridiculous things about having molested women.. WTF is wrong with your country?
RedHat patches (Score:2)

by emil ( 695 ) writes:

RedHat released backported Dirty Cow patches for the 2.6.18 kernel in EL5 last Friday.
Why isn't Google using a RedHat kernel in Android, and applying the backported updates to /boot and /system, around OEM drivers?
Why is the kernel "untouchable" by Google on non-Nexus devices? It didn't have to be this way. RedHat certainly makes kernel updates work with 3rd-party drivers. Oracle ksplice can even apply them without a reboot.
The Cow Meme (Score:2)

by Calydor ( 739835 ) writes:

All you Dirty COWs go moo.
Non-story (Score:2)

by The MAZZTer ( 911996 ) writes:

The flaw was discovered AFTER the patch was finalized. Until they invent time travel, there isn't much Google can do at that point. The next patch, which is the first one which will be finalized after the discovery of this flaw, will have the fix. That's really the best anyone can expect I'd think.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Android's Latest Update Doesn't Patch Major Security Flaw 'Dirty COW' (engadget.com) 23

Android's Latest Update Doesn't Patch Major Security Flaw 'Dirty COW' More Login

Android's Latest Update Doesn't Patch Major Security Flaw 'Dirty COW'

My Grandma asked if she should be worried. (Score:4, Insightful)

Re: (Score:2)

Re: (Score:2)

Re: (Score:2)

Re: (Score:2)

RedHat patches (Score:2)

The Cow Meme (Score:2)

Non-story (Score:2)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot