Submitted via IRC for SoyCow5743
A serious vulnerability that remains unfixed in many Android devices is under active exploit, marking the first known time real-world attackers have used it to bypass key security protections built in to the mobile operating system.
Dirty Cow, as the vulnerability has been dubbed, came to light last October after lurking in the kernel of the Linux operating system for nine years. While it amounts to a mere privilege-escalation bug—as opposed to a more critical code-execution flaw—several characteristics make it particularly potent. For one, the vulnerability is located in a part of the Linux kernel that's almost universally available. And for another, reliable exploits are relatively easy to develop.
By the time it was disclosed, it was already under active exploit on Linux servers. Within days of its disclosure, researchers and hobbyists were using the vulnerability, indexed as CVE-2016-5195, to root Android phones.
Now, more than 1,200 apps available in third-party marketplaces are exploiting Dirty Cow as part of a scam that uses text-based payment services to make fraudulent charges to the phone owner, researchers from antivirus provider Trend Micro reported on Monday.
(Score: 2) by DannyB on Monday October 02 2017, @08:19PM
Yep, it's true.
But I do get value in return for the google spyware.
A superior experience. Maps. News. Gmail. Organizer. Contacts. YouTube. Docs / Drive. Voice recognition / commands. Translation. And much more. It's all nicely integrated into my phone. When I switch phones, it all conveniently moves with me.
I understand Google's desire for the information. To better target ads to my eyeballs. As long as ads are few and relevant, I find it's not so bad.
It's great as long as Google's policy is:
[x] Don't Be Evil!
Oh, wait.
People today are educated enough to repeat what they are taught but not to question what they are taught.