A new vulnerability has been discovered in Android and it’s a BAD one. It’s a Linux privilege escalation bug that hackers are now using to hack web servers, and other Linux based machines. The bug has been present in the Linux kernel since 2007 but it has only recently been discovered as a working exploit. Independent research has provided us with this proof-of-concept code exploits ‘dirty cow’ on android and will get devices close to root. The original exploit that works for desktop and server OSes can be modified to work on Android.
By exploiting root access users can gain tethering abilities and otherwise expand capabilities normally restricted by the OS. This means that third party software could bypass your built in permissions using the exploit. Thankfully the Google play store vets developer’s code fairly well, and a patch for Linux is already available. It’s only a matter of time before a patch will be made available for Android, as well. Only certain devices receive the monthly Android updates pushed out because of carrier limitations though so ultimately many devices will still be vulnerable for a long time. Protect yourself by avoiding third-party app installs that don’t come from the ‘Play’ store, and make sure to install those updates when available.