Monday, October 23 2017

Dirty Cow lives on, as Google’s November Bug Fix didn’t fix it


A flaw called Dirty Cow was recently discovered that allows the security of the Android bootloader to be bypassed. Most Linux distros have patched the bug, but it seems that Google are yet to do so with Android: the bug is still present after the November security updates.

Dirty Cow is an escalation-of-privilege vulnerability that was introduced to the Linux kernel in 2007 and was made public in mid-October of this year. The fact that it was made public led everyone to believe that it would be fixed in the November security update. Dirty Cow is the vulnerability used by developers to unlock the bootloader of the “unlockable” Verizon Pixel phones. Warnings were tweeted out by noted hackers for those with Verizon Pixel phones regarding the then-upcoming security updates:

However, after the security update OTA arrived, it seems that the Verizon Pixel bootloader unlock was still functional:

While the November security update did bring some important bug fixes, such as yet more Stagefright-style vulnerability fixes, it did not fix Dirty Cow. 

According to Hiroshi Lockheimer, SVP of Android, Chrome OS, and Google Play, monthly Android security patches are released to the public a month after they have been released to manufacturers. The idea behind this is that OEMs can, in theory, roll out their security patches at the same time as Google does to Nexus and Pixel devices. A Google spokesperson told Ars Technica that the Dirty Cow patch would arrive with the December security update.

In the meantime, those who used Dirty Cow to root their devices can continue to enjoy full control over their device. How the patch will affect bootloaders etc. that are already unlocked when it arrives in December is unknown. It is good to see security updates every month, but you would expect more urgent patches to arrive as soon as possible after public announcement of the vulnerability.

 
Source: Ars Technica.

Scott Plowman   Associate Editor



1 Comment on "Dirty Cow lives on, as Google’s November Bug Fix didn’t fix it"

Chris

Oh it’s such a shame people can take control of their cell phones.
