Google Finally Patches 'Dirty COW' Linux Vulnerability With December Android Security Update – NDTV


December 6, 2016 Facebook Twitter LinkedIn Google+ Linux


In October, Linux security researcher discovered that a nine-year old Linux kernel flaw (CVE-2016-5195) was witnessing active exploits in the wild. The flaw was dubbed “Dirty COW”, an acronym for the duplication technique called copy-on-write, and could potentially give root access of a device to the attacker within a matter of seconds. Now, Google has finally patched the critical flaw on Linux with its latest Android security update, and the patch is available for OEMs to implement on their Android devices.

The latest security update from the search giant, released alongside the Android 7.1.1. Nougat update on Monday, fixes over 50 security flaws including 11 with critical severity – including Dirty Cow. “The exploit in the wild is trivial to execute, never fails and has probably been around for years – the version I obtained was compiled with gcc 4.8,” Oester said in October. The bug was initially patched 11 years ago but the fix was later undone in another code commit.

Last month, Google was expected to patch the flaw with its security update for November but the company couldn’t patch the flaw at the time. However, Google released a supplemental fix for Pixel and Nexus devices. Kaspersky Lab’s Threatpost reported that Samsung also released a fix for its mobile devices. Google had said that the company will introduce the Android-wide patch for Dirty COW in the December Android security update.

Comments