Android apps and phones have been known to be vulnerable in the past, and this is still the case today. A new exploit known as Dirty Pipe has been uncovered that allows apps to access files, spread malicious programs, and possibly control the entire system of vulnerable Android 12 devices if they have the proper rights.
Be Wary of the Dirty Pipe Exploit On Android
Android developer Max Kellerman identified the Dirty Pipe vulnerability, also known as CVE-2022-0847 (a number allocated to common vulnerabilities). He discovered the flaw with a Pixel 6 and reported it to Google. Linux 5.8, which was launched for Android in 2020, was the source of the vulnerability. According to Ron Amadeo of Ars Technica, the vulnerability only affects brand new Android 12 smartphones such as the Pixel 6 and Galaxy S22.
While your Galaxy S22 Ultra may be physically tough, it is susceptible to infection due to a flaw. It has been termed as one of the most high-severity vulnerabilities and affects Linux-powered devices like Android-based smartphones, Google Home devices, Chromebooks, and more.
What is the Mechanism of Vulnerability?
The Dirty Pipe is said to impact Linux pipes (which carry data from one software or process to another) and Pages (the small chunks of memory). This flaw can be used to abuse pipes and pages, allowing attackers to modify data or take complete control of the device. You can read all the technical details over here.
Last month, Linux issued updates for supported devices in the form of 5.16.11, 5.15.25, and 5.10.102. This was in response to Kellerman’s reporting. Kellerman’s fix was then incorporated into the Android kernel by Google. Although, at the time of writing, it had not yet been made available to users. Google is expected to deploy a remedy for Dirty Pipe either as a separate patch update or as part of the April security update.
If you’re concerned that your Galaxy S22 or Pixel 6 is vulnerable, go to Settings and check the Kernel version. If it’s greater than 5.8, your phone may be vulnerable to the Dirty Pipe vulnerability. Fortunately, the exploit has yet to be deployed by an attacker in the wild.
The researchers have devised proof-of-concept examples to demonstrate how Dirty Pipe can be used to quickly penetrate a vulnerable device.