Dirty COW Works on Android

Wednesday, October 26, 2016 @ 04:10 PM gHale


The Linux kernel vulnerability called “Dirty COW” can reach root privileges on Android devices, security researchers reveal.

The vulnerability ended up called Dirty COW because it is caused by a race condition in the manner in which the Linux kernel’s memory subsystem handles copy-on-write (COW) breakage of private read-only memory mappings.

RELATED STORIES
Dirty COW Zero-Day Patched
Backdoor Hits WTP
New Backdoor Trojan
Switch in Malware Distribution

The bug can end up leveraged by a local attacker to escalate privileges by modifying existing setuid files.

Red Hat said the vulnerability was important and an exploit leveraging it was already used in the wild. A fix for the Linux kernel released October 13, and Linux distributions started releasing updates.

By altering the copy-on-write cache provided by the kernel, an attacker changes what the system and apps see when reading the affected files. The flaw can modify almost any file, even if the partition is mounted as read-only, but, because the change only affects the cache in memory, it won’t persist after reboot.

However, the flaw can end up exploited to gain root privileges and compromise an entire system, and all devices running a Linux kernel higher than 2.6.22 are most probably affected by this, said researchers at NowSecure in a blog post.

All devices running a vulnerable version of Android, regardless of the manufacturer, can end up compromised through this flaw if they haven’t been patched, NowSecure researchers said.

To exploit the vulnerability, however, an attacker needs to run code on the affected device, which can happen via the Android Debug Bridge (ADB) over USB or by installing an app that makes use of the exploit. Because this is a local vulnerability, users can protect themselves by avoiding installing software from unknown sources.



Leave a Reply

You must be logged in to post a comment.