On Monday, Google released an Android system update that patches a number of system vulnerabilities and includes a supplementary patch targeting Dirty COW.
The patches should cover over 23 critical system issues and address 37 more high-risk vulnerabilities, and the update also attempts to patch the Linux kernel flaw CVE-2016-5159.
The CVE-2016-5159 privilege-escalation flaw in Linux came to be more commonly known as Dirty COW; it causes an error that is as rare as it is potentially dangerous for the device.
The current patches do not offer a full fix for Dirty COW; a complete patch is scheduled for the December Android Security Bulletin.
Attackers could have used the Dirty COW Linux kernel exploit to take control of affected Android devices and have them execute malicious code.
Android’s current supplemental patch for the problem seeks to provide software updates that should help contain the security hole.
Through it, Google’s partners will also have the flexibility to ship a faster fix for the flaw, rather than having to rely on Android and Google.
Experts consider that the Dirty COW vulnerability would not have been quite as dangerous had it not also allowed hackers to access the device.
One of the major patches in the November security update seeks to resolve Android’s remote code execution problem.
The critical vulnerability, which affects Mediaserver processing, has been a recurring problem for the mobile platform ever since it was discovered in July.
The CVE-2016-6699 Stagefright vulnerability could have affected devices running Android 7.0.
An attacker could exploit the flaw by creating a special file that could lead to memory corruption on the device.
The flaw’s critical nature was stressed by Amol Sarwate, Qualys’ Director of Engineering, who noted that a potential attacker could use the vulnerability to take control of the device.
Web browsing, email, and MMS are just a few of the methods an attacker could use to exploit the flaw. According to Sarwate, it is easier to lead users into clicking on malicious images and links when they are on their smartphones.
Another critical flaw patched by the update is CVE-2016-6700, which affected the C library and libzipfile, used when modifying zip archives.
The vulnerability, which affected Android versions 5.1.1, 5.0.2, and 4.4.4, could have allowed malicious applications to execute arbitrary code and gain elevated privileges.
Now that Google has released its new Android patches, some are criticizing both the Internet giant and other similar market players.
With more of our day-to-day lives and activities connected to digital media, some consider that companies should take a proactive rather than reactive approach to the problem of system vulnerabilities and attacks.