Author Topic: Linux / Android bug  (Read 1646 times)

Maik
« on: Friday, 21 October, 2016 @ 18:45:12 »
Patch your Linux-powered systems, phones and gadgets as soon as possible, if you can, to kill off a kernel-level flaw affecting nearly every distro of the open-source operating system.

Dubbed Dirty COW, the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

While the flaw is not by itself a gravely serious or uncommon condition – Microsoft fixes priv-esc bugs in Windows practically every month – this vulnerability could prove particularly troublesome: it has been present in the Linux kernel since version 2.6.22 in 2007, and it is very easy to reliably exploit. We're told it is also present in Android, which is powered by the Linux kernel.

According to a website dedicated to Dirty COW, a patch for the Linux kernel has been developed, and major vendors including Red Hat, Debian and Ubuntu have already released fixes for their respective Linux flavors.

Linux, a free open-source operating system, is at the heart of a huge number of applications, but its most well-known uses are in webservers (under brand names such as Red Hat, Ubuntu and Debian) and as the core of Android, Google’s operating system for smartphones.

The bug is already patched on some of the major versions of Linux, including Red Hat, Debian and Ubuntu. But for millions of other devices that run Linux, particularly embedded versions of the operating system, the patch will be difficult to apply, and potentially nonexistent.

That also applies to Android: the mobile operating system is affected. While top-end Android devices, such as the Galaxy S7 and Pixel, receive regular security updates, the vast majority of Android devices sold receive few, if any, post-sale updates.

Google declined to comment, but confirmed that Android is one of the Linux distributions affected.