Security Researchers Use Dirty COW Leak For Root Access On Android
Security researchers have used the recently fixed Linux vulnerability known as Dirty COW to gain root access on Android devices. This would be possible on all devices running Android 1.0 or higher.
One of the researchers, David Manouchehri, has developed a proof of concept that makes devices almost rootable, Ars Technica writes. Full root access is then possible with a few additional lines of code. The researcher has tested the code on five Android devices. Another researcher, who wishes to remain anonymous, claims to the site that he has also developed a working exploit together with others. He used a modified version of a public Dirty COW exploit.
He declined to provide further details on the exploit’s code, as he’s applying a “unique route” and doesn’t want Google to shut it down. According to Manouchehri, all Android versions from the first release are vulnerable because the vulnerability is present in the Linux kernel from version 2.6.22. In Android 1.0, version 2.6.25 would be found. The researchers believe it is possible that others have developed a malicious app with a working exploit.
Patches for the Dirty COW vulnerability were released last week after an exploit was found for it. The privilege escalation leak has existed in the Linux kernel since 2007.
Image through David Manouchehric