Google Issues Supplemental Android Patch For Dirty COW Linux Security Hole

Google has released a supplemental patch for the Dirty COW Linux exploit that can be used by hackers to gain some control over some Android devices and execute malicious code.

While Google has yet to release an official, ‘full-fat’ fix for the flaw, the supplemental patch provides firmware updates to help tackle the security hole, while at the same time affording its partners the flexibility to find faster fixes for the new vulnerability in Android rather than being reliant on Google for the patch.

According to the search giant, the supplemental patch designation indicates that a device has already addressed the issues associated with Dirty COW. A full patch for Dirty COW is slated for release in the December Android Security Bulletin.

The flaw is a particularly nasty one as it can effect most version of Linux, which in part underpins many software systems including Android.

Fighting flaws

Dirty COW can be used to exploit the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings, hence its name.

This allows an unprivileged user to use the flaw to gain access to otherwise read-only memory, and from there they can increase their privileges on a targeted system or device and potentially execute code. Given the amount of Linux based system out in the world, Dirty COW has the scope to be used as a means for hackers to gain access to them.

The hole appears to be tricky to combat once it exploited as Red Hat noted is can be used in different layers of Linux making hacker attacks difficult to defend against with traditional security software.

“Due to the attack complexity, differentiating between legitimate use and attack cannot be done easily, but the attack may be detected by comparing the size of the binary against the size of the original binary,” Red Hat explained.

“This implies that antivirus can be programmed to detect the attack but not to block it unless binaries are blocked altogether.”

All this means that while Dirty COW is not necessarily a dangerous security flaw by itself, but it can enable hackers with malicious intent to wreak havoc on targeted devices.

Dirty COW has apparently been around for nearly a decade but has recently been unearthed and exploited according to Red Hat researchers.

While Google takes a pro-active approach to securing Android, the cyber threats do not seem to be slowing down with the DressCode malware recently discovered to have infected hundreds of Google Play apps.

What do you know about Linux? Take our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago