Google Finally Patches Dirty COW in Android


The latest security update for Android includes a patch for Dirty COW.

In November when Google released its security bulletin for Android, it omitted a patch for the Dirty COW vulnerability in Linux. The company has released the last security bulletin for 2016, which now patches CVE-2016-5195. Dirty COW is just one of 11 critical vulnerabilities that Google is patching with this update.

In the November update, Google skipped the patch, although the company did release a supplemental update for its own Pixel and Nexus devices that patched the bug. Samsung was the only other Android vendor that patched the bug on its devices.

The Linux kernel community usually is very aggressive when it comes to patching security bugs. Google’s Security Bulletin mentions that Dirty COW was discovered on 12 October, and the vulnerability was patched in October. All major Linux distros then released their own patches. Google, however, only released an Android patch two months later. Although the patch exists, many Android users might not see it for another few months, and some vendors may never patch their devices.

Threatpost, The Kaspersky Lab security news service, reported, “the 5 Dec patch level also includes patches for vulnerabilities rated high severity in the kernel, kernel file system, HTC sound code, MediaTek drivers, Qualcomm codecs and drivers, and NVIDIA drivers among others. Most of the flaws are elevation of privilege issues.”

comments powered by Disqus

SysAdmin Day 2017!

  • Happy SysAdmin Day 2017!

    Download a free gift to celebrate SysAdmin Day, a special day dedicated to system administrators around the world. The Linux Professional Institute (LPI) and Linux New Media are partnering to provide a free digital special edition for the tireless and dedicated professionals who keep the networks running: “10 Terrific Tools."

Special Edition


Subscribe to ADMIN Update for IT news and technical tips.

ADMIN Magazine on Twitter

Follow us on twitter