Nearly a month after the flaw was patched in Linux, Android finally released a patch for the Dirty Cow Vulnerability.
The flaw, CVE-2016-5195, which is rated critical and exists in the copy-on-write (COW) feature, could be used by an attacker with local access to obtain root privileges on a Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus Player, Pixel, or Pixel XL device, according to Dec. 5 Android Security Bulletin.
The Dirty Cow vulnerability was patched in Linux back in October and is severe because it allows one to escalate his/her privileges to administrator (root) level, Lastline Co-founder and CTO Giovanni Vigna told SC Media.
“It represents a very subtle race condition on the copy-on-write (COW, hence the name) mechanism used by Linux,” Vigna said. “It requires an account on the host/smartphone in order to be exercised, and therefore it cannot be remotely exploited, but it is nonetheless severe.”
Dirty Cow was one of 11 critical vulnerabilities which were also included in the patch along with patches for 10 severity vulnerabilities and a combined total of more than 50 security flaws.
The vulnerability was partially addressed with a supplemental firmware update in Nexus and Pixel handsets in an update last month.