Pixel 6, Samsung Galaxy S22 Series, Other Android 12 Devices Vulnerable to Attacks Due to ‘Dirty Pipe’ Bug
Google Pixel 6, Samsung Galaxy S22, and some other new devices operating on Android 12 are impacted by a really critical Linux kernel vulnerability referred to as “Dirty Pipe.” The vulnerability can be exploited by a destructive application to achieve process-amount access and overwrite data in browse-only data files on the system. Initial discovered on the Linux kernel, the bug was reproduced by a protection researcher on Pixel 6. Google was also educated about its existence to introduce a technique update with a patch.
Stability researcher Max Kellermann of German World-wide-web advancement company CM4all spotted the ‘Dirty Pipe’ vulnerability. Shortly after Kellermann publicly disclosed the safety loophole this week that has been recorded as CVE-2022-0847, other researchers had been ready to detail its influence.
As for each Kellermann, the issue existed in the Linux kernel considering the fact that the edition 5.8, even though it was preset in the Linux 5.16.11, 5.15.25, and 5.10.102. It is comparable to the ‘Dirty COW’ vulnerability but is much easier to exploit, the researcher stated.
The ‘Dirty COW’ vulnerability experienced impacted Linux kernel versions established prior to 2018. It also impacted people on Android, while Google preset the flaw by releasing a protection patch again in December 2016.
An attacker exploiting the ‘Dirty Pipe’ vulnerability can acquire obtain to overwrite knowledge in read-only documents on the Linux technique. It could also make it possible for hackers to make unauthorised person accounts, modify scripts, and binaries by attaining backdoor entry.
Given that Android takes advantage of the Linux kernel as core, the vulnerability has a probable to influence smartphone customers as effectively. It is, nonetheless, limited in nature as of now — thanks to the simple fact that most Android releases are not based mostly on the Linux kernel versions that are afflicted by the flaw.
“Android prior to variation 12 is not influenced at all, and some Android 12 gadgets — but not all — are affected,” Kellermann explained to Devices 360.
The researcher also stated that if the product was vulnerable, the bug could be applied to gain total root accessibility. This suggests that it could be made use of to permit an app to study and manipulate encrypted WhatsApp messages, capture validation SMS messages, impersonate customers on arbitrary internet websites, and even remotely management any banking applications installed on the device to steal dollars from the consumer.
Kellermann was able to reproduce the bug on Google Pixel 6 and described its aspects to the Android security workforce in February. Google also merged the bug repair into the Android kernel shortly soon after it acquired the report from the researcher.
However, it is unclear no matter whether the bug has been set by way of the March protection patch that was launched previously this week.
In addition to the Pixel 6, the Samsung Galaxy S22 devices seem to be impacted by the bug, according to Ars Technica’s Ron Amadeo.
Some other units that are operating on Android 12 out-of-the-box are also envisioned to be susceptible to attacks thanks to the ‘Dirty Pipe’ situation.
Gadgets 360 has reached out to Google and Samsung for clarity on the vulnerability and will notify readers when the firms respond.
In the meantime, end users are encouraged to not set up apps from any third-celebration resources. It is also important to stay away from setting up any untrusted apps and games, and make absolutely sure to have the newest security patches mounted on the gadget.