Meanwhile, another nasty Linux bug surfaces
Google has posted an update for Android that, among other fixes, finally closes the Dirty COW vulnerability.
The December 2016 update covers a total of 74 CVE-listed security vulnerabilities in Android devices.

These fixes should be landing on Nexus handsets devices very soon, if not already, and installed as soon as possible; other devices should be getting the updates shortly, depending on how on-the-ball your manufacturer and cell network is.

Google has published patches for all of its devices.
It has also fixed up and distributed six flaws present in non-Google gear, such as Android-powered gadgets like smart locks.
Six of the patches in the batch address elevation of privilege vulnerabilities Google has rated as “critical” security risks as they allow installed applications, or hijacked apps, to take over devices.
Also fixed in the December update is CVE-2016-5195, the elevation of privilege flaw known as Dirty COW.

The programming blunder can be exploited by an attacker with local access to gain root privileges via the copy-on-write mechanism in the Linux kernel.
Further complicating matters was the prevalence; Dirty COW was found to be in Linux kernel builds as far back as 2007, making the flaw present in not only servers and mobile devices, but in Linux-based appliances and connected devices as well.
Meanwhile, as one major Linux kernel hole is fixed, another is being discovered and publicized.
CVE-2016-8655 is a privilege escalation flaw that could allow an unprivileged process to gain root-level execution on a local machine.
Researchers note that the flaw can be exploited to get total control over Linux distros as well as containers.

The vulnerability has been present in the Linux kernel since 2011 and a fix was posted on November 30.
Users and administrators should patch their Linux systems as soon as an update for their distro becomes available.

A fix for the flaw was not included in this month’s Android update. ®
Sponsored: Customer Identity and Access Management

Leave a Reply