This vulnerability affects all devices based on version 5.10 of the Linux kernel, including the Samsung Galaxy S22 and Google Pixel 6.
A Dirty Pipe-style zeo-day flaw
The security flaw was spotted by Zhenpeng Lin, a security researcher. He explains that it allows an attacker to gain elevation of privilege via arbitrary reading and writing, and to disable the SELinux security architecture.
The vulnerability, which does not yet have a nickname, is compared to the recent Linux Dirty Pipe flaw that we told you about a few months ago. This affected devices running Linux kernel 5.8 and later, but has since been patched.
If you are in possession of a Samsung mobile, know that the One UI interface makes it easy to find out which version of the Linux kernel you are on. Go to “Settings”, then to “About phone”, and finally to “Software information”.
How to guard against vulnerability?
To date, there is no patch that would close this security flaw on its Android smartphone. Even devices that receive regular software monitoring are vulnerable, as the July 2022 security patch does not fix the bug. The security researcher behind the discovery nevertheless warned Google, which could work on developing a fix. But it’s unclear when it will start rolling out.
In the meantime, we still have good news to announce: this new zero-day security flaw does not allow a hacker to execute code remotely on your terminal. This means either direct physical access to your mobile for the hacker to take, or the user’s device to be infected with malware that takes advantage of the vulnerability.
In the first case, we remind you that it is important to protect your smartphone with a secure authentication method. In the second situation, remember to always be vigilant when downloading applications or files from the Internet, and to verify that the source is reliable and legitimate. By doing so, you should avoid any issues while waiting for the hotfix patch.
Android: a huge security flaw affects the Pixel 6 and Samsung Galaxy S22
More recently, a new security flaw of this type affecting the Android operating system has just been discovered. This was discovered by Zhenpeng Lin, a security researcher and doctoral student at Northwestern University. The man in question has demonstrated the vulnerability caused by this flaw on his Pixel 6. And potential victims can include many latest generation Android smartphones, since the flaw mainly concerns the Linux kernel, and specifically version 5.10.
A SECURITY FAILURE CAN AFFECT YOUR SAMSUNG GALAXY S22 OR YOUR PIXEL 6
Without going into overly technical terms and details, the flaw allows a cybercriminal to obtain authorization to disable SELinux, the Linux kernel’s security module. To put it simply, a cybercriminal capable of exploiting this flaw could have full access to the operating system, with the possibility of stealing personal data and causing several damages. As pointed out by Zhenpeng Lin, the flaw affects all smartphones that run Linux kernel version 5.10, and specifically Samsung’s Galaxy S22 series and Google’s Pixel 6 series.
The security researcher has yet to announce details of the security flaw, and he says users can rest easy while they wait for Google to release an update to fix the problem.
Google is indeed aware of the situation, and the flaw will be corrected quickly. Probably in September, when Google announces new security patches. In the meantime, it is advisable not to install applications from untrusted sources, this is to minimize the risks.