Google patches Dirty Cow Linux vulnerability in Android security bulletin – Inquirer


December 9, 2016 Facebook Twitter LinkedIn Google+ Uncategorized


GOOD NEWS SECURITY FANS, Google has tackled that Dirty Cow problem that had us all sniggering at the back.

The fix comes as part of an Android security bulletin, naturally, and comes with a number of fixes for some core security problems. You are, of course, advised to update at your earliest possible opportunity.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer site,” said the firm.

“The most severe of these issues are Critical security vulnerabilities in device-specific code that could enable arbitrary code execution within the context of the kernel, leading to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device.

“We have had no reports of active customer exploitation or abuse of these newly reported issues. We encourage all customers to accept these updates to their devices.”

Google has already made some effort to tackle the Linux cow problem that has made itself known on Android devices, and issued a supplementary patch last month. Supplemental security patch levels are provided to identify devices that contain fixes for issues that were publicly disclosed after the patch level was defined,” the company said then as it made do.

“Addressing these recently disclosed vulnerabilities is not required until the 1 December security patch level. Supported Google devices will receive a single update over the air.”

This December update also includes fixes for some issues with Qualcomm components and sees Google stepping in to shut off arbitrary code execution.

“An elevation of privilege vulnerability in the Qualcomm MSM interface could enable a local malicious application to execute arbitrary code within the context of the kernel,” said Google. “This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device.”

Ah just get on with your updating guys. µ

Comments