The November Android security update is live and it fixes 15 critical vulnerabilities, but it doesn’t patch a major Linux kernel exploit that can give hackers quick and complete access to devices running on Google’s OS. From a report on Engadget: Researcher Phil Oester discovered the flaw (CVE-2016-5195) in October, though he believes it’s existed since 2007. The exploit is known as “Dirty COW” because of its basis in copy-on-write systems (and maybe because that name is adorable). With this month’s security update, Google did roll out a “supplemental” firmware fix for Dirty COW across Nexus and Pixel devices. Plus, Samsung released a patch for its devices this month, according to Threatpost. An official Android patch for the Dirty COW issue is expected to land in December.
Read more of this story at Slashdot.
Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XFqWoHiZSf8/androids-latest-update-doesnt-patch-major-security-flaw-dirty-cow