Android devices are once again at risk, this time from a new vulnerability that could give attackers complete control over the device. Spotted by security researcher Max Kellermann last month, the highly severe security flaw was discovered in the Linux kernel. Since Android uses the Linux kernel as its core, the vulnerability affects some Android 12 devices, including the Samsung Galaxy S22 series as well as the Google Pixel 6 phones.
What is this security risk?
It has been identified as ‘CVE-2022-0847’ and dubbed ‘Dirty Pipe’, according to Kellermann’s blog post. The Dirty Pipe vulnerability in Linux allows attackers to execute malicious code capable of a host of destructive actions, including installing backdoors into the system, injecting code into scripts, altering binaries used by elevated programs, and creating unauthorized user profiles. Kellermann’s blog post noted that the vulnerability in Linux Kernel 5.8 allowed “overwriting data in arbitrary read-only files.” Since Android is built on the Linux kernel, the vulnerability threatens any Android-powered device such as smartphones, smart speakers, TVs, etc.
Here’s how to fix it
Since this security risk resides in a foundational piece of the Linux kernel, it can have major repercussions across the world. The ease of exploitation coupled with its scope makes Dirty Pipe a major threat for all Linux maintainers. So, the best course of action to take against Dirty Pipe would be to update your systems with the latest security updates.
The vulnerability was first reported by Max Kellermann of CM4all, and a patch mitigating the threat on kernel versions 5.10.102, 5.15.25, and 5.16.11 was released by the Linux kernel security team last month. Following this, Google has patched the loophole in Android. If you have kept your Linux machines up-to-date, you should be worry-free and safe.
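A version check built from the releases named above, as an added example that is not from the original article or from the researcher's write-up: it classifies a kernel release string (the output of `uname -r`) against the fixed versions 5.10.102, 5.15.25 and 5.16.11. The 5.17 cut-off, the status strings and the sample release strings are assumptions made for the example; a version number cannot show a vendor backport, so any result other than "patched" or "not-affected" means checking the vendor's advisory.

```python
import platform
import re

# Fixed stable releases named in the article, keyed by (major, minor) branch.
FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
INTRODUCED = (5, 8)       # article: flaw present from Linux kernel 5.8
FIXED_MAINLINE = (5, 17)  # assumption: 5.17 and later shipped with the fix


def parse_release(release):
    """Turn '5.10.43-android12-9-g1234' into (5, 10, 43)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release):
    """Classify a kernel release string by version number alone."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED:
        return "not-affected"
    if branch >= FIXED_MAINLINE:
        return "patched"
    fixed_patch = FIXED.get(branch)
    if fixed_patch is not None and patch >= fixed_patch:
        return "patched"
    # Older release on a maintained branch, or a branch with no fixed
    # release listed. Vendors may backport, so confirm with the vendor.
    return "needs-update-or-vendor-check"


if __name__ == "__main__":
    # Constructed sample release strings (not taken from real devices).
    samples = ["4.19.191", "5.10.43-android12-9-00001-gabcdef", "5.10.102",
               "5.13.0-30-generic", "5.16.11-arch1-1"]
    if platform.system() == "Linux":
        samples.append(platform.release())  # the kernel this script runs on
    for rel in samples:
        print(f"{rel:40} {dirty_pipe_status(rel)}")
```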
Meanwhile, in a related development, Samsung has also promised to release security updates for its Galaxy devices based on Android 12 to address the ‘Dirty Pipe’ vulnerability.
“We have already worked to develop security patches on Galaxy devices of Android 12 and will release security updates to address the issue soon,” the company said. “We recommend that all users keep their devices updated with the latest software to ensure the highest level of protection possible,” it said.