Samsung Galaxy Devices to Receive a Patch for 'Dirty Pipe' Vulnerability
Samsung has promised to release security updates for its Galaxy devices based on Android 12 to address the ‘Dirty Pipe’ vulnerability. The highly severe security flaw was initially discovered in the Linux kernel. However, since Android uses the Linux kernel as a core, the vulnerability has been impacting some Android 12 devices, including the Samsung Galaxy S22 series as well as the Google Pixel 6 phones. It could be exploited by a malicious app to let attackers read and manipulate even encrypted content and system files on an affected device.
In a statement to Gadgets 360, Samsung promised to patch the ‘Dirty Pipe’ vulnerability on its devices.
“We have already worked to develop security patches on Galaxy devices of Android 12 and will release security updates to address the issue soon,” the company said. “We recommend that all users keep their devices updated with the latest software to ensure the highest level of protection possible.”
Exact timeline on the updates and which devices will get them are not yet revealed.
The Linux kernel vulnerability was brought into notice by security researcher Max Kellermann. Tracked as CVE-2022-0847, the bug could allow attackers to gain system-level access and overwrite data in read-only files on the system.
Kellermann had informed Gadgets 360 that while understanding the scope of the vulnerability on mobile devices is not clear, it has affected at least some Android 12 devices. The researcher was able to reproduce the bug on a Google Pixel 6.
In addition to the Pixel 6, the vulnerability could impact users on the Samsung Galaxy S22, Galaxy S22+, and the Galaxy S22 Ultra.
Google merged the bug fix given by Kellermann into the Android kernel after receiving its report in February. However, it is unclear whether a fix is coming from the Android-maker side.
Users are, in the meantime, recommended to not install apps from any third-party sources and make sure to have the latest security patches installed on their devices.
Source link