Google Pixel 6, Samsung Galaxy S22, and some other new devices running Android 12 are affected by a highly serious Linux kernel vulnerability called “Dirty Pipe”. The vulnerability can be exploited by a malicious app to gain system-level access and overwrite data in read-only files on the system. First spotted in the Linux kernel, the bug was reproduced by a security researcher on the Pixel 6. Google was also informed of its existence so that it could introduce system updates with patches.
Security researcher Max Kellermann of German web development company CM4all spotted the ‘Dirty Pipe’ vulnerability. Shortly after Kellermann publicly disclosed the security flaw this week, filed as CVE-2022-0847, other researchers were able to detail its impact.
According to Kellermann, the issue has been present in the Linux kernel since version 5.8, although it was fixed in Linux 5.16.11, 5.15.25, and 5.10.102. It is similar to the ‘Dirty Cow’ vulnerability but is easier to exploit, the researcher said.
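As an added example (not code from the article or from the researcher), the version boundaries above can be turned into a quick triage check on a kernel release string such as the output of `uname -r`. The sample strings are constructed, and treating branches newer than 5.16 as fixed is an assumption the article does not state.

```python
import platform
import re

# From the article: present since 5.8; fixed in 5.10.102, 5.15.25, 5.16.11.
INTRODUCED = (5, 8)
FIXED_IN_BRANCH = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
# Assumption, not stated in the article: branches after 5.16 carry the fix.
LAST_LISTED_BRANCH = (5, 16)


def parse_release(release):
    """Parse 'major.minor[.patch]' from a release string, ignoring any suffix."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release):
    """Classify a kernel release by version number alone.

    A vendor kernel may carry a backported fix under an older version
    number, so 'affected' means 'check the vendor patch level', not proof.
    """
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED:
        return "not affected"
    if branch in FIXED_IN_BRANCH:
        return "fixed" if patch >= FIXED_IN_BRANCH[branch] else "affected"
    if branch > LAST_LISTED_BRANCH:
        return "fixed (assumed)"
    # A 5.8-5.16 branch for which the article lists no fixed release.
    return "affected"


if __name__ == "__main__":
    # Constructed sample release strings, followed by the running kernel.
    samples = ["4.19.191-gki", "5.10.43-android12-9-example", "5.10.102",
               "5.15.24-generic", "5.16.11", "5.13.0-30-generic", "5.17.1"]
    for rel in samples + [platform.release()]:
        try:
            print(f"{rel:32} {dirty_pipe_status(rel)}")
        except ValueError as exc:
            print(f"{rel:32} {exc}")
```

On Android, the security patch level shown in the device settings is the more reliable indicator, since the kernel version string may not change when a fix is backported.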
The ‘Dirty Cow’ vulnerability affected Linux kernel versions built before 2018. It also affected users on Android, although Google corrected the defect by releasing a security patch back in December 2016.
An attacker exploiting the ‘Dirty Pipe’ vulnerability can gain access to overwrite data in read-only files on Linux systems. It can also allow hackers to create unauthorized user accounts and modify scripts and binaries by gaining backdoor access.
Since Android uses the Linux kernel at its core, the vulnerability has the potential to affect smartphone users as well. However, its impact is limited for now, thanks to the fact that most Android releases are not based on the affected Linux kernel versions.
“Android before version 12 is not affected at all, and some Android 12 devices — but not all — are affected,” Kellermann told Gadgets 360.
The researcher also said that if the device was vulnerable, the bug could be exploited to gain full root access. This means it can be used to allow an app to read and manipulate encrypted WhatsApp messages, capture verification SMS messages, impersonate users on arbitrary websites, and even remotely control any banking app installed on the device to steal money from the user.
Kellermann was able to reproduce the bug on the Google Pixel 6 and reported its details to the Android security team in February. Google also merged bug fixes into the Android kernel shortly after receiving the report from the researcher.
However, it is not clear whether the bug has been fixed through the March security patch released earlier this week.
Apart from the Pixel 6, Samsung Galaxy S22 devices appear to be affected by the bug, according to Ron Amadeo of Ars Technica.
Some other devices running Android 12 out-of-the-box are also expected to be vulnerable to attacks due to the ‘Dirty Pipe’ issue.
Gadgets 360 has contacted Google and Samsung for clarity on the vulnerability and will notify readers when the companies respond.
Meanwhile, users are advised not to install apps from any third-party sources. It is also important to avoid installing any untrusted apps and games and make sure to install the latest security patches on the device.