PINDROP BLOG

December Android Update Fixes Dirty Cow Flaw

Google has released a fix for the so-called Dirty Cow vulnerability for Android, a Linux kernel bug disclosed in October. The patch comes in the December Android security update, which also includes fixes for more than two dozen other vulnerabilities.

The Dirty Cow bug is a privilege escalation vulnerability in the Linux kernel that has been in the code for 10 years. A researchers disclosed details of the flaw in October but Google wasn’t able to get a patch out to all Android owners in November. The company did release a patch for that bug for Nexus devices last month but this month’s update has a fix for most other devices, as well.

In addition to the Dirty Cow bug, Google also patched a number of other dangerous vulnerabilities, including a couple of remote-code execution flaws. Among those are several vulnerabilities the CURL and LIBCURL libraries in Android.

“The most severe issue could enable a man-in-the-middle attacker using a forged certificate to execute arbitrary code within the context of a privileged process. This issue is rated as High due to the attacker needing a forged certificate,” the Android bulletin says.

The other remote-code execution is in the Framesequence library in Android.

“A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library,” the bulletin says.

Among the other vulnerabilities fixed this month is an issue with the Qualcomm components used in some Android devices. An attacker could use the bug to run code in the context of the kernel.

“An elevation of privilege vulnerability in the Qualcomm MSM interface could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device,” the the bulletin says.

Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS