Google Issues Supplemental Android Patch For Dirty COW Linux Security Hole

Roland Moore-Colyer,

Latest security bulletin from Google’s Android looks to help plug the Linux hole

Google has released a supplemental patch for the Dirty COW Linux exploit that can be used by hackers to gain some control over some Android devices and execute malicious code.

While Google has yet to release an official, ‘full-fat’ fix for the flaw, the supplemental patch provides firmware updates to help tackle the security hole, while at the same time affording its partners the flexibility to find faster fixes for the new vulnerability in Android rather than being reliant on Google for the patch.

According to the search giant, the supplemental patch designation indicates that a device has already addressed the issues associated with Dirty COW. A full patch for Dirty COW is slated for release in the December Android Security Bulletin.

The flaw is a particularly nasty one as it can effect most version of Linux, which in part underpins many software systems including Android.

Fighting flaws

Highland cowDirty COW can be used to exploit the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings, hence its name.

This allows an unprivileged user to use the flaw to gain access to otherwise read-only memory, and from there they can increase their privileges on a targeted system or device and potentially execute code. Given the amount of Linux based system out in the world, Dirty COW has the scope to be used as a means for hackers to gain access to them.

The hole appears to be tricky to combat once it exploited as Red Hat noted is can be used in different layers of Linux making hacker attacks difficult to defend against with traditional security software.

“Due to the attack complexity, differentiating between legitimate use and attack cannot be done easily, but the attack may be detected by comparing the size of the binary against the size of the original binary,” Red Hat explained.

“This implies that antivirus can be programmed to detect the attack but not to block it unless binaries are blocked altogether.”

All this means that while Dirty COW is not necessarily a dangerous security flaw by itself, but it can enable hackers with malicious intent to wreak havoc on targeted devices.

Dirty COW has apparently been around for nearly a decade but has recently been unearthed and exploited according to Red Hat researchers.

While Google takes a pro-active approach to securing Android, the cyber threats do not seem to be slowing down with the DressCode malware recently discovered to have infected hundreds of Google Play apps.

What do you know about Linux? Take our quiz!