It’s not unusual to see vulnerabilities being spotted on mobile devices. After all, the software’s development goes forward on a yearly basis. It’s natural to find some issues under the wraps. Thankfully, there are dozen of developers and security companies digging into the code to find any possible issues. Recently, a new issue has emerged for Android smartphones. The issue was dubbed Dirty Pipe and basically is an exploit in the Linux kernel. This exploit allows individuals to inject and overwrite data in read-only processes, without any root or admin permissions. That is a serious issue, that could allow an app to basically change your system, and extract your data with simple commands.
This vulnerability has already been used to achieve temporary root access on Android. However, in the same way, it could allow hackers to inject malware to gain access to the system. Thankfully, the issue is about to disappear from smartphones. Well, at least from smartphones receiving updates.
Gizchina News of the week
Dirty Pipe meets an end on the Pixel 6 series and some Samsung devices
The Dirty Pipe issue has been fixed in the Linux Kernel within versions 5.16.11, 5.15.25, and 5.10.102, as well as on the Android version of the Linux kernel. Unfortunately, the update didn’t come natively with Google’s Android Security Patch of April 2022. The update may still arrive through the May 2022 Android security patch. However, some lucky smartphone owners are already receiving this patch. Google’s Android QPR3 Beta 2 for the Pixel 6 and Pixel 6 Pro already brings a patched kernel version. Hopefully, the update will also reach other devices in the Pixel series. Owners of Google smartphones shouldn’t wait much time for important fixes.
Apparently, the only Android OEM rolling out a fix for its smartphones is Samsung. The Korean firm has been making a remarkable job recently in rolling out updates for its smartphones. Now, some of them are getting this important security fix. The company’s security bulletin currently mentions the CVE-2022-0846 fix, and upon further inspection, this seems to fix Dirty Pipe attacks. Other flagship smartphones are still waiting for an update, such as the Xiaomi 12 series. Even OnePlus which was one of the faster in rolling updates didn’t release the fix.
It’s upon manufacturers to release an update patch right now. Anyway, we will see it coming in the future through the May 2022 security patch.
Google has been working to improve the experience with Pixel smartphones. Apart from faster updates and security fixes, the company is also partnering with Ifixit for a self-repair program. Worth noting, that the company is busy with the imminent Google I/O and Pixel 6a reveal.