Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday October 02 2017, @11:29AM   Printer-friendly
from the ground-beef dept.

Submitted via IRC for SoyCow5743

A serious vulnerability that remains unfixed in many Android devices is under active exploit, marking the first known time real-world attackers have used it to bypass key security protections built in to the mobile operating system.

Dirty Cow, as the vulnerability has been dubbed, came to light last October after lurking in the kernel of the Linux operating system for nine years. While it amounts to a mere privilege-escalation bug—as opposed to a more critical code-execution flaw—several characteristics make it particularly potent. For one, the vulnerability is located in a part of the Linux kernel that's almost universally available. And for another, reliable exploits are relatively easy to develop.

By the time it was disclosed, it was already under active exploit on Linux servers. Within days of its disclosure, researchers and hobbyists were using the vulnerability, indexed as CVE-2016-5195, to root Android phones.

Now, more than 1,200 apps available in third-party marketplaces are exploiting Dirty Cow as part of a scam that uses text-based payment services to make fraudulent charges to the phone owner, researchers from antivirus provider Trend Micro reported on Monday.

Source: https://arstechnica.com/information-technology/2017/09/in-a-first-android-apps-abuse-serious-dirty-cow-bug-to-backdoor-phones/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday October 02 2017, @03:28PM

    by Anonymous Coward on Monday October 02 2017, @03:28PM (#575928)

    I have an Android tablet yet, but I'm thinking the upgrade is going to be to native GNU/Linux instead of this GNU running on Android/Linux crap I have on it right now. (Installed a minimal Gentoo, compiled some things I wanted like ssh, and it's GNU and it mostly works. Portage tree on that device is hopelessly out of date these days though.)

    As for my phone, I'm biting the bullet and moving to a feature phone with physical buttons.

    That leaves me with the problem of a media player for the car, for which I think a Raspberry PI 3 with the official 7" touchscreen and the case meant to hold both will do if not just the aforementioned soon to be ex-Android tablet.