Google Issues Supplemental Android Patch For Dirty COW Linux Security Hole

Google has released a supplemental patch for the Dirty COW Linux exploit that can be used by hackers to gain some control over some Android devices and execute malicious code.

While Google has yet to release an official, ‘full-fat’ fix for the flaw, the supplemental patch provides firmware updates to help tackle the security hole, while at the same time affording its partners the flexibility to find faster fixes for the new vulnerability in Android rather than being reliant on Google for the patch.

According to the search giant, the supplemental patch designation indicates that a device has already addressed the issues associated with Dirty COW. A full patch for Dirty COW is slated for release in the December Android Security Bulletin.

The flaw is a particularly nasty one as it can effect most version of Linux, which in part underpins many software systems including Android.

Fighting flaws

Dirty COW can be used to exploit the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings, hence its name.

This allows an unprivileged user to use the flaw to gain access to otherwise read-only memory, and from there they can increase their privileges on a targeted system or device and potentially execute code. Given the amount of Linux based system out in the world, Dirty COW has the scope to be used as a means for hackers to gain access to them.

The hole appears to be tricky to combat once it exploited as Red Hat noted is can be used in different layers of Linux making hacker attacks difficult to defend against with traditional security software.

“Due to the attack complexity, differentiating between legitimate use and attack cannot be done easily, but the attack may be detected by comparing the size of the binary against the size of the original binary,” Red Hat explained.

“This implies that antivirus can be programmed to detect the attack but not to block it unless binaries are blocked altogether.”

All this means that while Dirty COW is not necessarily a dangerous security flaw by itself, but it can enable hackers with malicious intent to wreak havoc on targeted devices.

Dirty COW has apparently been around for nearly a decade but has recently been unearthed and exploited according to Red Hat researchers.

While Google takes a pro-active approach to securing Android, the cyber threats do not seem to be slowing down with the DressCode malware recently discovered to have infected hundreds of Google Play apps.

What do you know about Linux? Take our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

More Layoffs For iRobot Staff After Abandoned Amazon Deal

After axing 31 percent of its workforce when it failed to be acquired by Amazon,…

9 hours ago

Mozilla Foundation Confirms Layoffs, Eliminates Advocacy Division

Mozilla Foundation axes 30 percent of its staff, and is eliminating its Advocacy Division that…

11 hours ago

Google To Make MFA Mandatory Next Year

Improving security. Mandatory multi-factor authentication (MFA) is coming to the Google Cloud by the end…

12 hours ago

UK Government Launch AI Safety Platform For Businesses

New AI assurance platform from UK government will help businesses ensure they can safely develop…

12 hours ago

Australia Plans Social Media Ban For Children Under 16

Protecting kids? Australian government confirms plan to implement restriction on social media for children under…

14 hours ago

Canada Orders Shutdown Of TikTok’s Canadian Business

Canada ordered China's TikTok business in the country to be dissolved over national security risks,…

16 hours ago