the
Dirty Cow
We wrote earlier this week about the Dirty Cow-vulnerability: an eleven-year-old bug discovered by Linus Torvalds and was then solved, but the solution caused another problem that the fix was reverted. The bug is then apparently “forgotten” but is now finally being addressed. It was not yet known whether the vulnerability is also to be found on Android devices. That now appears to be the case.
Beveiligingsonderzoeker David Manouchehri has a proof of concept posted on github. The code can, in combination with a few extra lines of code, Android devices fully rooten.
All Android versions vulnerable
“It’s very easy for someone who is a bit familiar with the Android file system. As far as I know this exploit on any Android device since version 1.0. Android 1.0 started with Linux Kernel 2.6.25, and the leak is already present since version 2.6.22,” said Manouchehri.
Also, other security researchers (who are not mentioned by name would be) and now have root exploits developed. These are all based on the publicly available Dirty Cow exploit. This is adapted to work on Android devices.
On the following page: Quite a doordrammen
No comments:
Post a Comment