A researcher has successfully utilized the captious Dirty Pipe vulnerability successful Linux to afloat basal 2 models of Android phones—a Pixel 6 Pro and Samsung S22—in a hack that demonstrates the powerfulness of exploiting the recently discovered OS flaw.
The researcher chose those 2 handset models for a bully reason: they are 2 of the few—if not the only—devices known to tally Android mentation 5.10.43, the lone merchandise of Google's mobile OS that's susceptible to Dirty Pipe. Because the LPE, oregon section privilege escalation, vulnerability wasn't introduced until the precocious released mentation 5.8 of the Linux kernel, the beingness of exploitable devices—whether mobile, Internet of Things, oregon servers and desktops—is comparatively small.
Behold, a reverse ammunition with basal privileges
But for devices that bash bundle affected Linux kernel versions, Dirty Pipe offers hackers—both benign and malicious—a level for bypassing mean information controls and gaining afloat basal control. From there, a malicious app could surreptitiously bargain authentication credentials, photos, files, messages, and different delicate data. As I reported past week, Dirty Pipe is among the astir superior Linux threats to beryllium disclosed since 2016, the twelvemonth different high-severity and easy-to-exploit Linux flaw named Dirty Cow came to light.
Android uses information mechanisms specified arsenic SELinux and sandboxing, which often marque exploits hard, if not impossible. Despite the challenge, the palmy And...