A near decade old security flaw in the Linux kernel that is being exploited by hackers can also affect Android, it has been reported.
Last week Red Hat advised all Linux users to patch the hole as soon as possible, after it found that Dirty COW existed in nearly all versions of the Linux source code for many years.
The name is derived from how the flaw exploits the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings.
And given the spread of the open source operating system, the flaw potentially affected a huge number of systems.
And this seems to be the case as Android of course was developed on top of Linux, and this privilege-escalation bug can apparently be used on Android to give hackers root access to a device.
Security researcher David Manouchehri published proof-of-concept code that can exploit Dirty Cow on Android and provide root access on a number of Android devices.
“It’s very easy for someone who’s somewhat familiar with the Android filesystem,” Manouchehri told ArsTechnica. “From what I can tell, in theory it should be able to root every device since Android 1.0. Android 1.0 started on [Linux] kernel [version] 2.6.25, and this exploit has been around since [Linux kernel version] 2.6.22.”
“Successfully got root access on Android 6.0.1 via the DirtyCow exploit (CVE-2016-5195),” Manouchehri tweeted.
The discovery that Dirty COW can also be used to exploit Android comes amid continuing security concerns about Android.
Last week for example a study found that a single family of malware accounted for most of the current infections on Android devices.
Mobile security firm Cheetah Mobile examined what it said are the two most prevalent Trojan horses on Android – called com.sms.sys.manager and com.al.alarm.controller – and found they were slightly altered variants of a single family, known as Ghost Push.
Also last week McAfee Labs discovered a variant of the Acecard trojan malware which tricks gullible Android users into posing for a selfie while handing over other personal information.
Earlier this month Google patched a massive 78 Android vulnerabilities with its latest security bulletin for the mobile operating system.
Are you a security pro? Try our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…