Wednesday, December 7, 2016

Planned update to Android completely eliminated the problem of Dirty Cow – Hacker

In December 2016, Google has divided Android Security Bulletin on two levels. The first level is 2016-12-01, which includes 16 patches (10 high risk and 6 vulnerability the average level). The second level is 2016-12-05, which already included 58 pacta (11 critical vulnerabilities, 33 high-threat vulnerabilities and bugs 14 medium severity).

All sixteen vulnerabilities level 2016-12-01 threat to Android 4.4.4 and older, including 7 Android. And most of the bugs touched on the latest version of the OS: four vulnerabilities in General was presented in Android only 7, and only two out of sixteen vulnerabilities were irrelevant to the Nougat.

the Most important patch from a set of 2016-12-05 definitely is to fix a critical vulnerability CVE-2016-5195, better known as the Dirty Cow. I remind you that this problem was discovered in October 2016. It turned out that in the Linux kernel for almost ten years there was a vulnerability that allows elevation of privileges. When Dirty Cow found a bug already enjoyed the attackers found a weak spot before security experts. Almost immediately it became obvious that the problem also extends to Android devices, but for training the patch experts Google took more than a month. In November of 2016 was presented with a preliminary “patch”.

other critical vulnerabilities should mention the problem of CVE-2016-4794 relevant to device Pixel C, Pixel and Pixel XL. As well as the Dirty Cow, this vulnerability allowed us to elevate privileges on the system. Other critical vulnerabilities fixed in this month, was discovered in the Nvidia GPU driver in the kernel, the Nvidia video driver, the kernel driver ION, as well as the Qualcomm MSM interface.


No comments:

Post a Comment