latest
Dirty COW, an Exploit in the Linux Kernel, is Now Being Abused on Android by ZNIU
Dirty COW was found last year, but was never used on Android except for rooting devices. now we see the first malicious use of it. Meet ZNIU.
Dirty COW (Dirty Copy-On-Write), or CVE-2016-5195, is a 9-year-old Linux bug that was discovered in October last year. It is one of the most serious bugs to have ever been found within the Linux kernel, and now malware dubbed ZNIU has been found in the wild. The bug was patched in the December 2016 security update, but any devices which haven't received it are vulnerable. How many devices is that? Quite a lot.
9 Year Old Linux Kernel bug dubbed 'Dirty Cow' can Root every version of Android
Dirty Cow is a newly discovered, but 9-year-old bug that can be exploited to grant root access on all versions of Android.
Despite the fact that tens of thousands of users actively pore over the Linux kernel source code actively looking for security flaws, it's not unheard of for serious bugs to go unnoticed. After all, though the chances of missing something incredibly serious are lowered by having more eyes auditing the code, we're all still human and are bound to make a mistake. The mistake this time seems to be quite serious, unfortunately. A privilege-escalation exploit was recently discovered last week, and although it has already been patched in the mainline Linux kernel, the bug could potentially be exploited on nearly every Android phone on the market until each device receives the appropriate kernel patch.